CVE-2023-30585

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions Node.js versions (affected versions not specified)

Description A vulnerability has been identified in the Node.js installation process, specifically affecting Windows users who install Node.js using the .msi installer. This issue arises during the repair operation, where the "msiexec.exe" process attempts to read the %USERPROFILE% environment variable from the current user's registry. If the path referenced by the %USERPROFILE% environment variable does not exist, the "msiexec.exe" process attempts to create the specified path in an unsafe manner, potentially leading to the creation of arbitrary folders in arbitrary locations. The severity of this vulnerability is heightened by the fact that the %USERPROFILE% environment variable in the Windows registry can be modified by standard users, allowing unprivileged actors to manipulate the environment variable key and deceive the privileged "msiexec.exe" process.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Untrusted Search Path

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-426

Related Identifiers

ALT-PU-2023-4642

ALT-PU-2024-14696

ALT-PU-2025-2007

ALT-PU-2025-2047

BDU:2023-04915

BIT-NODE-2023-30585

BIT-NODE-MIN-2023-30585

CVE-2023-30585

MGASA-2023-0226

OPENSUSE-SU-2024:13021-1

SUSE-SU-2023:2655-1

SUSE-SU-2023:2662-1

SUSE-SU-2023:2663-1

SUSE-SU-2023:2669-1

SUSE-SU-2023:2861-1

Affected Products

Alt Linux

Node.Js

Suse

CVE-2023-30585

Weakness Enumeration

Related Identifiers

Affected Products

References · 87