CVE-2018-12120 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2018-12120 Interim 1 23 2025-02-17T02:46:22Z current 2021-05-30T14:14:00Z 2025-02-17T02:46:22Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2018-12120 Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.suse.com/pipermail/sle-security-updates/2019-January/005042.html E-Mail link for SUSE-SU-2019:0117-1 https://lists.suse.com/pipermail/sle-security-updates/2019-February/005121.html E-Mail link for SUSE-SU-2019:0395-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MCR24YF2JL7BUZULCM3J6PO547A2FBEH/#MCR24YF2JL7BUZULCM3J6PO547A2FBEH E-Mail link for openSUSE-SU-2019:0088-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/TEDLOHSLOHZ36RTEAODDXPLT3YMQBGBI/#TEDLOHSLOHZ36RTEAODDXPLT3YMQBGBI E-Mail link for openSUSE-SU-2019:0234-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Enterprise Storage 4 SUSE Enterprise Storage 7.1 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 15 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 15 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 12 SUSE Linux Enterprise Module for Web and Scripting 15 SUSE Linux Enterprise Server for SAP Applications 15 SP3 SUSE Manager Server 4.2 SUSE OpenStack Cloud 7 SUSE OpenStack Cloud Crowbar 8 nodejs10 nodejs10-devel nodejs10-docs nodejs12 nodejs12-devel nodejs12-docs nodejs4-4.9.1-15.17.1 nodejs4-devel-4.9.1-15.17.1 nodejs4-docs-4.9.1-15.17.1 nodejs6-6.16.0-11.21.1 nodejs6-devel-6.16.0-11.21.1 nodejs6-docs-6.16.0-11.21.1 nodejs8 nodejs8-devel nodejs8-docs npm10 npm12 npm4-4.9.1-15.17.1 npm6-6.16.0-11.21.1 npm8 nodejs4-4.9.1-15.17.1 as a component of SUSE Enterprise Storage 4 nodejs6-6.16.0-11.21.1 as a component of SUSE Enterprise Storage 4 nodejs4-4.9.1-15.17.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs4-devel-4.9.1-15.17.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs4-docs-4.9.1-15.17.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs6-6.16.0-11.21.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs6-devel-6.16.0-11.21.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs6-docs-6.16.0-11.21.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 npm4-4.9.1-15.17.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 npm6-6.16.0-11.21.1 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs6-6.16.0-11.21.1 as a component of SUSE OpenStack Cloud 7 nodejs6-6.16.0-11.21.1 as a component of SUSE OpenStack Cloud Crowbar 8 nodejs12 as a component of SUSE Enterprise Storage 7.1 nodejs12-devel as a component of SUSE Enterprise Storage 7.1 nodejs12-docs as a component of SUSE Enterprise Storage 7.1 npm12 as a component of SUSE Enterprise Storage 7.1 nodejs12 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS nodejs12-devel as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS nodejs12-docs as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS npm12 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS nodejs12 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS nodejs12-devel as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS nodejs12-docs as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS npm12 as a component of SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS nodejs10 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs10-devel as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs10-docs as a component of SUSE Linux Enterprise Module for Web and Scripting 12 npm10 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs12 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs12-devel as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs12-docs as a component of SUSE Linux Enterprise Module for Web and Scripting 12 npm12 as a component of SUSE Linux Enterprise Module for Web and Scripting 12 nodejs8 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 nodejs8-devel as a component of SUSE Linux Enterprise Module for Web and Scripting 15 nodejs8-docs as a component of SUSE Linux Enterprise Module for Web and Scripting 15 npm8 as a component of SUSE Linux Enterprise Module for Web and Scripting 15 nodejs12 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 nodejs12-devel as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 nodejs12-docs as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 npm12 as a component of SUSE Linux Enterprise Server for SAP Applications 15 SP3 nodejs12 as a component of SUSE Manager Server 4.2 nodejs12-devel as a component of SUSE Manager Server 4.2 nodejs12-docs as a component of SUSE Manager Server 4.2 npm12 as a component of SUSE Manager Server 4.2 Node.js: All versions prior to Node.js 6.15.0: Debugger port 5858 listens on any interface by default: When the debugger is enabled with `node --debug` or `node debug`, it listens to port 5858 on all interfaces by default. This may allow remote computers to attach to the debug port and evaluate arbitrary JavaScript. The default interface is now localhost. It has always been possible to start the debugger on a specific interface, such as `node --debug=localhost`. The debugger was removed in Node.js 8 and replaced with the inspector, so no versions from 8 and later are vulnerable. CVE-2018-12120 SUSE Enterprise Storage 4:nodejs4-4.9.1-15.17.1 SUSE Enterprise Storage 4:nodejs6-6.16.0-11.21.1 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-4.9.1-15.17.1 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-devel-4.9.1-15.17.1 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs4-docs-4.9.1-15.17.1 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-6.16.0-11.21.1 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-devel-6.16.0-11.21.1 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs6-docs-6.16.0-11.21.1 SUSE Linux Enterprise Module for Web and Scripting 12:npm4-4.9.1-15.17.1 SUSE Linux Enterprise Module for Web and Scripting 12:npm6-6.16.0-11.21.1 SUSE OpenStack Cloud 7:nodejs6-6.16.0-11.21.1 SUSE OpenStack Cloud Crowbar 8:nodejs6-6.16.0-11.21.1 SUSE Enterprise Storage 7.1:nodejs12 SUSE Enterprise Storage 7.1:nodejs12-devel SUSE Enterprise Storage 7.1:nodejs12-docs SUSE Enterprise Storage 7.1:npm12 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:nodejs12 SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:nodejs12-devel SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:nodejs12-docs SUSE Linux Enterprise High Performance Computing 15 SP3-ESPOS:npm12 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:nodejs12 SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:nodejs12-devel SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:nodejs12-docs SUSE Linux Enterprise High Performance Computing 15 SP3-LTSS:npm12 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12 SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-devel SUSE Linux Enterprise Module for Web and Scripting 12:nodejs12-docs SUSE Linux Enterprise Module for Web and Scripting 12:npm12 SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8 SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-devel SUSE Linux Enterprise Module for Web and Scripting 15:nodejs8-docs SUSE Linux Enterprise Module for Web and Scripting 15:npm8 SUSE Linux Enterprise Server for SAP Applications 15 SP3:nodejs12 SUSE Linux Enterprise Server for SAP Applications 15 SP3:nodejs12-devel SUSE Linux Enterprise Server for SAP Applications 15 SP3:nodejs12-docs SUSE Linux Enterprise Server for SAP Applications 15 SP3:npm12 SUSE Manager Server 4.2:nodejs12 SUSE Manager Server 4.2:nodejs12-devel SUSE Manager Server 4.2:nodejs12-docs SUSE Manager Server 4.2:npm12 critical 6.8 AV:N/AC:M/Au:N/C:P/I:P/A:P 9.8 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H