UBUNTU-CVE-2022-21704

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2022-21704

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2022/UBUNTU-CVE-2022-21704.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2022-21704

Related

CVE-2022-21704

Published

2022-01-19T23:15:00Z

Modified

2025-06-03T17:39:12Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

log4js-node is a port of log4js to node.js. In affected versions default file permissions for log files created by the file, fileSync and dateFile appenders are world-readable (in unix). This could cause problems if log files contain sensitive information. This would affect any users that have not supplied their own permissions for the files via the mode parameter in the config. Users are advised to update.

References

Affected packages

Ubuntu:Pro:16.04:LTS / node-log4js

Package

Name: node-log4js
Purl: pkg:deb/ubuntu/node-log4js@0.6.18-1?arch=source&distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.6.18-1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:18.04:LTS / node-log4js

Package

Name: node-log4js
Purl: pkg:deb/ubuntu/node-log4js@0.6.18-1?arch=source&distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

0.*

0.6.18-1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:Pro:20.04:LTS / node-log4js

Package

Name: node-log4js
Purl: pkg:deb/ubuntu/node-log4js@6.1.0-1?arch=source&distro=esm-apps/focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

4.*

4.5.1-3

5.*

5.2.1-1

6.*

6.1.0-1

Ecosystem specific

{
    "ubuntu_priority": "low"
}

Ubuntu:22.04:LTS / node-log4js

Package

Name: node-log4js
Purl: pkg:deb/ubuntu/node-log4js@6.4.1+~cs8.3.5-1?arch=source&distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

6.4.1+~cs8.3.5-1

Affected versions

6.*

6.3.0+~cs8.3.10-1

6.3.0+repack+~cs6.5.4-1

6.4.0+~cs8.3.5-1

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "low",
    "binaries": [
        {
            "binary_version": "6.4.1+~cs8.3.5-1",
            "binary_name": "node-log4js"
        }
    ]
}