CVE-2023-38552

CVSS v3 Score: 7.5 (High)

Vulnerability Description

When the Node.js policy feature checks the integrity of a resource against a trusted manifest, the application can intercept the operation and return a forged checksum to Node's policy implementation, effectively disabling the integrity check. Impacts: This vulnerability affects all users of the experimental policy mechanism in all active release lines: 18.x and 20.x. Please note that at the time this CVE was issued, the policy mechanism was an experimental feature of Node.js.

CVSS:7.5(High)

It was discovered that IcedTea-Web used the codebase attribute of the <applet> tag on the HTML page that hosts the Java applet in its Same Origin Policy (SOP) checks. As the specified codebase does not ha...

CVSS:7.5(High)

The Plugins Manager in Jenkins before 1.640 and LTS before 1.625.2 does not verify checksums for plugin files referenced in update site data, which makes it easier for man-in-the-middle attackers to e...

CVSS:7.5(High)

Intel Driver Update Utility before 2.4 retrieves driver updates in cleartext, which makes it easier for man-in-the-middle attackers to execute arbitrary code via a crafted file.

CVSS:7.5(High)

McAfee Advanced Threat Defense (ATD) before 3.4.8.178 might allow remote attackers to bypass malware detection by leveraging information about the parent process.

CVSS:7.5(High)

The user password reset form in Drupal 8.x before 8.2.3 allows remote attackers to conduct cache poisoning attacks by leveraging failure to specify a correct cache context.

CVSS:7.5(High)

Insufficient verification of node certificates in Juniper Networks Junos Space may allow a man-in-the-middle attacker to make unauthorized modifications to the Space database or add nodes. Affecte...