What is the severity of CVE-2017-18869?

CVE-2017-18869 is considered a moderate severity vulnerability due to its potential for local privilege escalation through symlink attacks.

How do I fix CVE-2017-18869?

To remediate CVE-2017-18869, upgrade the chownr package to version 1.1.0 or later.

Which software is affected by CVE-2017-18869?

CVE-2017-18869 affects the chownr package for Node.js versions prior to 1.1.0.

Can I use IBM Cognos Analytics with CVE-2017-18869?

Yes, IBM Cognos Analytics versions 12.0.0-12.0.3 and 11.2.0-11.2.4 FP4 are affected and should be patched.

What type of attack does CVE-2017-18869 enable?

CVE-2017-18869 enables a local attacker to perform a Time of Check Time of Use (TOCTOU) attack by descending into unintended directories.

Vulnerability/
CVE-2017-18869

low

2.5

CWE

367

2/8/2018

15/6/2020

17/12/2024

CVE-2017-18869

First published: Thu Aug 02 2018(Updated: )

A TOCTOU issue in the chownr package before 1.1.0 for Node.js 10.10 could allow a local attacker to trick it into descending into unintended directories via symlink attacks.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/nodejs-chownr	<1.1.0	1.1.0
IBM Cognos Analytics	<=12.0.0-12.0.3
IBM Cognos Analytics	<=11.2.0-11.2.4 FP4
Node Chownr	<1.1.0

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

IBM-7177223

Frequently Asked Questions

What is the severity of CVE-2017-18869?
CVE-2017-18869 is considered a moderate severity vulnerability due to its potential for local privilege escalation through symlink attacks.
How do I fix CVE-2017-18869?
To remediate CVE-2017-18869, upgrade the chownr package to version 1.1.0 or later.
Which software is affected by CVE-2017-18869?
CVE-2017-18869 affects the chownr package for Node.js versions prior to 1.1.0.
Can I use IBM Cognos Analytics with CVE-2017-18869?
Yes, IBM Cognos Analytics versions 12.0.0-12.0.3 and 11.2.0-11.2.4 FP4 are affected and should be patched.
What type of attack does CVE-2017-18869 enable?
CVE-2017-18869 enables a local attacker to perform a Time of Check Time of Use (TOCTOU) attack by descending into unintended directories.

agent/type
agent/first-publish-date
agent/weakness
agent/severity
agent/author
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2017-18869
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/event
collector/ibm-support
source/IBM
agent/last-modified-date
agent/references
agent/softwarecombine
agent/description
agent/trending
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
package-manager/redhat
vendor/ibm
canonical/ibm cognos analytics
version/ibm cognos analytics/12.0.0-12.0.3
version/ibm cognos analytics/11.2.0-11.2.4 fp4
vendor/chownr project
canonical/node chownr

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.