Improved NodeJS Linux Detection
Background
In an effort to improve the accuracy of our NodeJS vulnerability coverage, Tenable Research is releasing changes to our plugins. We have updated our NodeJS Linux detection plugin to better accommodate versions installed by package managers.
Changes
Detected versions will no longer be reported as 'Path : package : <node-package-name>'. Instead, the binary installed by the package will appear in the Path entry, and the package will appear as a new Package entry in the list of installs.
Additionally, symlinks to the same binary are now collapsed to a single installation with an 'alias' entry containing the symlinks. This may reduce the number of installations detected on some operating systems, but better represents the installed software. An example of the existing & new plugin output formats may be seen below:
Example of prior plugin output
Example of updated plugin output
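To cross-check a host against the collapsed output described above, this added example (not Tenable's plugin code) groups candidate node paths by the file they resolve to and records the symlinks as aliases. The sample directory tree, the dictionary keys and the function names are constructed for illustration.

```python
import os
import tempfile

def collapse_installs(candidates):
    """Group candidate paths by the real file each one resolves to."""
    installs = {}
    for path in candidates:
        if not os.path.exists(path):        # dangling symlink or missing file
            continue
        real = os.path.realpath(path)       # follows chained symlinks to the end
        entry = installs.setdefault(real, {"path": real, "aliases": []})
        if os.path.abspath(path) != real and path not in entry["aliases"]:
            entry["aliases"].append(path)
    return sorted(installs.values(), key=lambda e: e["path"])

def build_sample_tree(root):
    """Constructed layout: two real binaries, a symlink chain, one dangling link."""
    def touch(*parts):
        p = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        open(p, "w").close()
        return p
    def link(target, *parts):
        p = os.path.join(root, *parts)
        os.makedirs(os.path.dirname(p), exist_ok=True)
        os.symlink(target, p)
        return p
    node18 = touch("opt", "node-v18", "bin", "node")
    node20 = touch("opt", "node-v20", "bin", "node")
    usr_node = link(node18, "usr", "bin", "node")
    usr_local = link(usr_node, "usr", "local", "bin", "nodejs")  # link to a link
    dangling = link(os.path.join(root, "gone"), "usr", "bin", "node-old")
    return [usr_node, usr_local, node18, node20, dangling]

def demo():
    """Run the collapse on the constructed tree; paths are relative to its root."""
    with tempfile.TemporaryDirectory() as tmp:
        root = os.path.realpath(tmp)
        result = collapse_installs(build_sample_tree(root))
        rel = lambda p: os.path.relpath(p, root)
        return [{"path": rel(e["path"]),
                 "aliases": [rel(a) for a in e["aliases"]]} for e in result]

if __name__ == "__main__":
    for install in demo():
        print(install)
```

On a real host, pass the paths where `node` or `nodejs` binaries were found instead of the constructed tree; five candidate paths in the sample reduce to two installations.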
Impact
Customers will benefit from improved reporting on detected NodeJS instances. Any installs managed by the OS package manager will only be checked by the generic vulnerability plugins if paranoid checks are enabled. An exception has been made for packages from NodeSource due to the lack of backports or separate security advisories for these packages. Packages distributed by the OS vendor will continue to be served by OS-specific local checks.
Impacted Plugins
Logical updates have been made to plugin 178771 and this will have downstream impacts on all plugins which are dependent upon it.
Target Release Date
Mid-January 2024