6.1 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
7.4 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.5%
The version of osbuild-composer installed on the remote host is prior to 94. It may, therefore, be affected by a race condition. A condition can be triggered that disables GPG verification for package repositories, which can expose the build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(192468);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/25");
script_cve_id("CVE-2024-2307");
script_xref(name:"IAVB", value:"2024-B-0026");
script_name(english:"osbuild-composer < 94 Race Condition");
script_set_attribute(attribute:"synopsis", value:
"The version of osbuild-composer installed on the remote host may be vulnerable to a man-in-the middle attack due to a race condition.");
script_set_attribute(attribute:"description", value:
"The version of osbuild-composer installed on the remote host is prior to 94. It may, therefore, be affected by a race
condition. A condition can be triggered that disables GPG verification for package repositories, which can expose the
build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2024-2307");
script_set_attribute(attribute:"solution", value:
"Upgrade to osbuild-composer to version 94 or later.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-2307");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/11/15");
script_set_attribute(attribute:"patch_publication_date", value:"2024/03/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/22");
script_set_attribute(attribute:"potential_vulnerability", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"x-cpe:/a:osbuild:osbuild-composer");
script_set_attribute(attribute:"stig_severity", value:"II");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("unix_enum_sw.nasl");
script_require_keys("Host/nix/packages", "Settings/ParanoidReport");
exit(0);
}
include('local_detection_nix.inc');
# Fixes will be backported and this package is only installable via a package manager
# so all installs will be mananged. This plugin is to catch installs until vendor-specific
# advisories are released.
if (report_paranoia < 2)
audit(AUDIT_PARANOID);
var app = 'osbuild_composer';
var packages = ldnix::search_packages([new('ldnix::pkg_target', 'osbuild-composer', '(osbuild-composer)-([0-9.]+)')]);
if (empty_or_null(packages))
audit(AUDIT_NOT_INST, app);
var package = branch(packages);
if (ver_compare(ver:package.version, fix:'94', strict:FALSE) == -1)
{
var report = '\n Installed package : ' + package.path + '-' + package.version +
'\n Fixed version : v94 or later';
security_report_v4(port:0, extra:report, severity:SECURITY_WARNING);
}
else
audit(AUDIT_INST_VER_NOT_VULN, app, package.version);
Vendor | Product | Version | CPE |
---|---|---|---|
osbuild | osbuild-composer | x-cpe:/a:osbuild:osbuild-composer |
6.1 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L
7.4 High
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.5%