Rewterz Threat Advisory – Multiple Trend Micro Deep Security and Cloud One Vulnerabilities
January 23, 2022Rewterz Threat Advisory – CVE-2022-22733 – Apache ShardingSphere ElasticJob-UI Vulnerability
January 23, 2022Rewterz Threat Advisory – Multiple Trend Micro Deep Security and Cloud One Vulnerabilities
January 23, 2022Rewterz Threat Advisory – CVE-2022-22733 – Apache ShardingSphere ElasticJob-UI Vulnerability
January 23, 2022Severity
Medium
Analysis Summary
CVE-2022-21704
log4js-node module for Node.js could allow a local authenticated attacker to obtain sensitive information, caused by an issue with the default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable. By gaining access to the log files, an attacker could exploit this vulnerability to obtain sensitive information, and use this information to launch further attacks against the affected system.
Impact
- Information Disclosure
Affected Vendors
NodeJs
Affected Products
- log4js-node log4js-node 6.3.0
Remediation
Upgrade to the latest version of log4js-node, available from the log4js-node GIT Repository.