CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
AI Score
Confidence
High
The OpenTelemetry Collector running on the remote host is prior to 0.107.0. It is, therefore, affected by a timing discrepancy vulnerability, outlined below:
The bearertokenauth extension’s server authenticator performs a simple, non-constant time string comparison of the received & configured bearer tokens. This impacts anyone using the bearertokenauth
server authenticator. Malicious clients with network access to the collector may perform a timing attack against a collector with this authenticator to guess the configured token, by iteratively sending tokens and comparing the response time. This would allow an attacker to introduce fabricated or bad data into the collector’s telemetry pipeline.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(205617);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/06");
script_cve_id("CVE-2024-42368");
script_xref(name:"IAVA", value:"2024-B-0116-S");
script_name(english:"OpenTelemetry Collector < 0.107.0 Timing Discrepancy");
script_set_attribute(attribute:"synopsis", value:
"An installed application on the remote host is affected by a timing discrepancy vulnerability.");
script_set_attribute(attribute:"description", value:
"The OpenTelemetry Collector running on the remote host is prior to 0.107.0. It is, therefore, affected by a timing
discrepancy vulnerability, outlined below:
The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of
the received & configured bearer tokens. This impacts anyone using the `bearertokenauth` server authenticator.
Malicious clients with network access to the collector may perform a timing attack against a collector with this
authenticator to guess the configured token, by iteratively sending tokens and comparing the response time. This would
allow an attacker to introduce fabricated or bad data into the collector's telemetry pipeline.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://github.com/open-telemetry/opentelemetry-collector-contrib/security/advisories/GHSA-rfxf-mf63-cpqv
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?12eb51ff");
script_set_attribute(attribute:"solution", value:
"Upgrade to OpenTelemetry Collector 0.107.0 or later.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-42368");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/08/13");
script_set_attribute(attribute:"patch_publication_date", value:"2024/08/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/08/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"x-cpe:/a:opentelemetry:collector");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("opentelemetry_nix_installed.nbin");
script_require_keys("installed_sw/OpenTelemetry Collector");
exit(0);
}
include('vcf.inc');
var app_info = vcf::get_app_info(app:'OpenTelemetry Collector');
var constraints = [
{'min_version' : '0.80.0', 'fixed_version': '0.107.0'}
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING
);
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
AI Score
Confidence
High