CVE-2023-27563

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2023-27563
The n8n package 0.218.0 for Node.js allows Escalation of Privileges.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/n8n-io/n8n/releases Release Notes
https://security.netapp.com/advisory/ntap-20230622-0007/
https://www.synacktiv.com/sites/default/files/2023-05/Synacktiv-N8N-Multiple-Vulnerabilities_0.pdf Exploit Third Party Advisory
https://github.com/n8n-io/n8n/releases Release Notes
https://security.netapp.com/advisory/ntap-20230622-0007/
https://www.synacktiv.com/sites/default/files/2023-05/Synacktiv-N8N-Multiple-Vulnerabilities_0.pdf Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:a:n8n:n8n:0.218.0:*:*:*:*:node.js:*:*
History

21 Nov 2024, 07:53

Type Values Removed Values Added
References () https://github.com/n8n-io/n8n/releases - Release Notes () https://github.com/n8n-io/n8n/releases - Release Notes
References () https://security.netapp.com/advisory/ntap-20230622-0007/ - () https://security.netapp.com/advisory/ntap-20230622-0007/ -
References () https://www.synacktiv.com/sites/default/files/2023-05/Synacktiv-N8N-Multiple-Vulnerabilities_0.pdf - Exploit, Third Party Advisory () https://www.synacktiv.com/sites/default/files/2023-05/Synacktiv-N8N-Multiple-Vulnerabilities_0.pdf - Exploit, Third Party Advisory

17 May 2023, 18:47

Type Values Removed Values Added
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:n8n:n8n:0.218.0:*:*:*:*:node.js:*:*
CVSS v2 : unknown
v3 : unknown 		v2 : unknown
v3 : 8.8
References (MISC) https://github.com/n8n-io/n8n/releases - (MISC) https://github.com/n8n-io/n8n/releases - Release Notes
References (MISC) https://www.synacktiv.com/sites/default/files/2023-05/Synacktiv-N8N-Multiple-Vulnerabilities_0.pdf - (MISC) https://www.synacktiv.com/sites/default/files/2023-05/Synacktiv-N8N-Multiple-Vulnerabilities_0.pdf - Exploit, Third Party Advisory

10 May 2023, 15:26

Type Values Removed Values Added
New CVE
Information

Published : 2023-05-10 15:15

Updated : 2025-01-27 22:15

NVD link : CVE-2023-27563

Mitre link : CVE-2023-27563

CVE.ORG link : CVE-2023-27563

JSON object : View

Products Affected

n8n

  • n8n
CWE
NVD-CWE-noinfo