7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
0.001 Low
EPSS
Percentile
31.0%
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:0374 advisory.
Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred to managed machines automatically.
Ansible Tower helps you scale IT automation, manage complex deployments and speed productivity. Centralize and control your IT infrastructure with a visual dashboard, role-based access control, job scheduling, integrated notifications and graphical inventory management. And Ansible Tower's REST API and CLI make it easy to embed Ansible Tower into existing tools and processes.
Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.
Security Fix(es):
* A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate for users of CloudForms (and thus this account). An attacker could use this vulnerability to view and make changes to settings in the VMRC and virtual machines controlled by it that they should not have access to.
(CVE-2017-12191)
This issue was discovered by Gellert Kis (Red Hat).
Additional Changes:
This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2018:0374. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(194051);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");
script_cve_id("CVE-2017-12191");
script_xref(name:"RHSA", value:"2018:0374");
script_name(english:"RHEL 7 : Red Hat CloudForms (RHSA-2018:0374)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in
the RHSA-2018:0374 advisory.
Ansible is a simple model-driven configuration management, multi-node deployment, and remote-task
execution system. Ansible works over SSH and does not require any software or daemons to be installed on
remote nodes. Extension modules can be written in any language and are transferred to managed machines
automatically.
Ansible Tower helps you scale IT automation, manage complex deployments and speed productivity. Centralize
and control your IT infrastructure with a visual dashboard, role-based access control, job scheduling,
integrated notifications and graphical inventory management. And Ansible Tower's REST API and CLI make it
easy to embed Ansible Tower into existing tools and processes.
Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the
challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a
model-view-controller (MVC) framework for web application development. Action Pack implements the
controller and the view components.
Security Fix(es):
* A flaw was found in the CloudForms account configuration when using VMware. By default, a shared account
is used that has privileged access to VMRC (VMWare Remote Console) functions that may not be appropriate
for users of CloudForms (and thus this account). An attacker could use this vulnerability to view and make
changes to settings in the VMRC and virtual machines controlled by it that they should not have access to.
(CVE-2017-12191)
This issue was discovered by Gellert Kis (Red Hat).
Additional Changes:
This update also fixes several bugs and adds various enhancements. Documentation for these changes is
available from the Release Notes document linked to in the References section.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1458929");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1459190");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1460377");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1460815");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1461164");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1463422");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1478518");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1478520");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1479402");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1479939");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1479940");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1481378");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1481446");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1487306");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1489697");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1490416");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1496900");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1496903");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1496904");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1496907");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1496908");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1496909");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1496922");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1496925");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1496930");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1496931");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1496932");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1496936");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1496937");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1496939");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1496943");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1496945");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1496947");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1496949");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1497209");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1498506");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1498511");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1498516");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1498518");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1498525");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1498542");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1498544");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1498891");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1500029");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1500445");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1500448");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1500517");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1500808");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1500954");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1501475");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1501481");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1501524");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1501897");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1503611");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1503639");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1504199");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1504775");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1505415");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1505456");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1505501");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1505503");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1505545");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1505951");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1506624");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1509008");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1509024");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1509378");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1509391");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1509414");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1509419");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1509423");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1510054");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1510142");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1510175");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1510241");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1510564");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1510698");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1511032");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1511125");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1511130");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1511135");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1511142");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1511144");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1511147");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1511196");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1511502");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1511517");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1511528");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1511548");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1511595");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1512661");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1512665");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1512667");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1512694");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1512695");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1512706");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1512728");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1512955");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1512967");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1513124");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1513509");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1513699");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1514139");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1514184");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1514570");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1515367");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1515402");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1515407");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1515416");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1515426");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1515483");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1518357");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1518368");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1518372");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1518374");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1518383");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1518392");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1518600");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1519809");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1519910");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1519915");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1519987");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1520541");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1520557");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1521036");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1522951");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1523402");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1523404");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1523408");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1523771");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1523773");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1523774");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1523777");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1523788");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1523851");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1523855");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1524646");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1525092");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1525551");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1525563");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1525583");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1526040");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1526473");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1527676");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1530653");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1530708");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1530717");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1531146");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1531147");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1531156");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1531161");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1531177");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1531178");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1531256");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1531261");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1531262");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1531274");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1531554");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1531615");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1531618");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1531619");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1532328");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1532854");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1532857");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1533167");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1533169");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1533171");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1534584");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1534589");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1534591");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1534601");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1536052");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1536672");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1537015");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1537145");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1537284");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1538349");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1538350");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1538351");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1539752");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1540699");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1541072");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1542170");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1542240");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1542577");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1542741");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1543121");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1543150");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1543172");
# https://access.redhat.com/security/data/csaf/v2/advisories/2018/rhsa-2018_0374.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c0261402");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:0374");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-12191");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(284);
script_set_attribute(attribute:"vendor_severity", value:"Important");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/02/28");
script_set_attribute(attribute:"patch_publication_date", value:"2018/02/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible-tower-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ansible-tower-setup");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cfme");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cfme-appliance");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cfme-gemset");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql94");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql94-contrib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql94-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql94-docs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql94-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql94-plperl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql94-plpython");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql94-pltcl");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql94-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:postgresql94-test");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-crypto");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-jmespath");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-paramiko");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-paramiko-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python2-crypto");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python2-jmespath");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/cf-me/server/5.8/x86_64/debug',
'content/dist/cf-me/server/5.8/x86_64/os',
'content/dist/cf-me/server/5.8/x86_64/source/SRPMS'
],
'pkgs': [
{'reference':'ansible-2.4.3.0-1.el7ae', 'release':'7', 'el_string':'el7ae', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'ansible-tower-server-3.1.5-3.el7at', 'cpu':'x86_64', 'release':'7', 'el_string':'el7at', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'ansible-tower-setup-3.1.5-3.el7at', 'cpu':'x86_64', 'release':'7', 'el_string':'el7at', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'cfme-5.8.3.4-1.el7cf', 'cpu':'x86_64', 'release':'7', 'el_string':'el7cf', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'cfme-appliance-5.8.3.4-1.el7cf', 'cpu':'x86_64', 'release':'7', 'el_string':'el7cf', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'cfme-gemset-5.8.3.4-1.el7cf', 'cpu':'x86_64', 'release':'7', 'el_string':'el7cf', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'postgresql94-9.4.15-3PGDG.el7at', 'cpu':'x86_64', 'release':'7', 'el_string':'el7at', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'postgresql94-contrib-9.4.15-3PGDG.el7at', 'cpu':'x86_64', 'release':'7', 'el_string':'el7at', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'postgresql94-devel-9.4.15-3PGDG.el7at', 'cpu':'x86_64', 'release':'7', 'el_string':'el7at', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'postgresql94-docs-9.4.15-3PGDG.el7at', 'cpu':'x86_64', 'release':'7', 'el_string':'el7at', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'postgresql94-libs-9.4.15-3PGDG.el7at', 'cpu':'x86_64', 'release':'7', 'el_string':'el7at', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'postgresql94-plperl-9.4.15-3PGDG.el7at', 'cpu':'x86_64', 'release':'7', 'el_string':'el7at', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'postgresql94-plpython-9.4.15-3PGDG.el7at', 'cpu':'x86_64', 'release':'7', 'el_string':'el7at', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'postgresql94-pltcl-9.4.15-3PGDG.el7at', 'cpu':'x86_64', 'release':'7', 'el_string':'el7at', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'postgresql94-server-9.4.15-3PGDG.el7at', 'cpu':'x86_64', 'release':'7', 'el_string':'el7at', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'postgresql94-test-9.4.15-3PGDG.el7at', 'cpu':'x86_64', 'release':'7', 'el_string':'el7at', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'python-paramiko-2.1.1-2.el7ae', 'release':'7', 'el_string':'el7ae', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'python-paramiko-doc-2.1.1-2.el7ae', 'release':'7', 'el_string':'el7ae', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'python2-crypto-2.6.1-16.el7at', 'cpu':'x86_64', 'release':'7', 'el_string':'el7at', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'},
{'reference':'python2-jmespath-0.9.0-4.el7ae', 'release':'7', 'el_string':'el7ae', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.8'}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ansible / ansible-tower-server / ansible-tower-setup / cfme / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | ansible-tower-server | p-cpe:/a:redhat:enterprise_linux:ansible-tower-server |
redhat | enterprise_linux | python-paramiko-doc | p-cpe:/a:redhat:enterprise_linux:python-paramiko-doc |
redhat | enterprise_linux | python2-jmespath | p-cpe:/a:redhat:enterprise_linux:python2-jmespath |
redhat | enterprise_linux | python-crypto | p-cpe:/a:redhat:enterprise_linux:python-crypto |
redhat | enterprise_linux | cfme-gemset | p-cpe:/a:redhat:enterprise_linux:cfme-gemset |
redhat | enterprise_linux | postgresql94 | p-cpe:/a:redhat:enterprise_linux:postgresql94 |
redhat | enterprise_linux | ansible-tower-setup | p-cpe:/a:redhat:enterprise_linux:ansible-tower-setup |
redhat | enterprise_linux | postgresql94-docs | p-cpe:/a:redhat:enterprise_linux:postgresql94-docs |
redhat | enterprise_linux | postgresql94-plperl | p-cpe:/a:redhat:enterprise_linux:postgresql94-plperl |
redhat | enterprise_linux | postgresql94-server | p-cpe:/a:redhat:enterprise_linux:postgresql94-server |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-12191
www.nessus.org/u?c0261402
access.redhat.com/errata/RHSA-2018:0374
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1458929
bugzilla.redhat.com/show_bug.cgi?id=1459190
bugzilla.redhat.com/show_bug.cgi?id=1460377
bugzilla.redhat.com/show_bug.cgi?id=1460815
bugzilla.redhat.com/show_bug.cgi?id=1461164
bugzilla.redhat.com/show_bug.cgi?id=1463422
bugzilla.redhat.com/show_bug.cgi?id=1478518
bugzilla.redhat.com/show_bug.cgi?id=1478520
bugzilla.redhat.com/show_bug.cgi?id=1479402
bugzilla.redhat.com/show_bug.cgi?id=1479939
bugzilla.redhat.com/show_bug.cgi?id=1479940
bugzilla.redhat.com/show_bug.cgi?id=1481378
bugzilla.redhat.com/show_bug.cgi?id=1481446
bugzilla.redhat.com/show_bug.cgi?id=1487306
bugzilla.redhat.com/show_bug.cgi?id=1489697
bugzilla.redhat.com/show_bug.cgi?id=1490416
bugzilla.redhat.com/show_bug.cgi?id=1496900
bugzilla.redhat.com/show_bug.cgi?id=1496903
bugzilla.redhat.com/show_bug.cgi?id=1496904
bugzilla.redhat.com/show_bug.cgi?id=1496907
bugzilla.redhat.com/show_bug.cgi?id=1496908
bugzilla.redhat.com/show_bug.cgi?id=1496909
bugzilla.redhat.com/show_bug.cgi?id=1496922
bugzilla.redhat.com/show_bug.cgi?id=1496925
bugzilla.redhat.com/show_bug.cgi?id=1496930
bugzilla.redhat.com/show_bug.cgi?id=1496931
bugzilla.redhat.com/show_bug.cgi?id=1496932
bugzilla.redhat.com/show_bug.cgi?id=1496936
bugzilla.redhat.com/show_bug.cgi?id=1496937
bugzilla.redhat.com/show_bug.cgi?id=1496939
bugzilla.redhat.com/show_bug.cgi?id=1496943
bugzilla.redhat.com/show_bug.cgi?id=1496945
bugzilla.redhat.com/show_bug.cgi?id=1496947
bugzilla.redhat.com/show_bug.cgi?id=1496949
bugzilla.redhat.com/show_bug.cgi?id=1497209
bugzilla.redhat.com/show_bug.cgi?id=1498506
bugzilla.redhat.com/show_bug.cgi?id=1498511
bugzilla.redhat.com/show_bug.cgi?id=1498516
bugzilla.redhat.com/show_bug.cgi?id=1498518
bugzilla.redhat.com/show_bug.cgi?id=1498525
bugzilla.redhat.com/show_bug.cgi?id=1498542
bugzilla.redhat.com/show_bug.cgi?id=1498544
bugzilla.redhat.com/show_bug.cgi?id=1498891
bugzilla.redhat.com/show_bug.cgi?id=1500029
bugzilla.redhat.com/show_bug.cgi?id=1500445
bugzilla.redhat.com/show_bug.cgi?id=1500448
bugzilla.redhat.com/show_bug.cgi?id=1500517
bugzilla.redhat.com/show_bug.cgi?id=1500808
bugzilla.redhat.com/show_bug.cgi?id=1500954
bugzilla.redhat.com/show_bug.cgi?id=1501475
bugzilla.redhat.com/show_bug.cgi?id=1501481
bugzilla.redhat.com/show_bug.cgi?id=1501524
bugzilla.redhat.com/show_bug.cgi?id=1501897
bugzilla.redhat.com/show_bug.cgi?id=1503611
bugzilla.redhat.com/show_bug.cgi?id=1503639
bugzilla.redhat.com/show_bug.cgi?id=1504199
bugzilla.redhat.com/show_bug.cgi?id=1504775
bugzilla.redhat.com/show_bug.cgi?id=1505415
bugzilla.redhat.com/show_bug.cgi?id=1505456
bugzilla.redhat.com/show_bug.cgi?id=1505501
bugzilla.redhat.com/show_bug.cgi?id=1505503
bugzilla.redhat.com/show_bug.cgi?id=1505545
bugzilla.redhat.com/show_bug.cgi?id=1505951
bugzilla.redhat.com/show_bug.cgi?id=1506624
bugzilla.redhat.com/show_bug.cgi?id=1509008
bugzilla.redhat.com/show_bug.cgi?id=1509024
bugzilla.redhat.com/show_bug.cgi?id=1509378
bugzilla.redhat.com/show_bug.cgi?id=1509391
bugzilla.redhat.com/show_bug.cgi?id=1509414
bugzilla.redhat.com/show_bug.cgi?id=1509419
bugzilla.redhat.com/show_bug.cgi?id=1509423
bugzilla.redhat.com/show_bug.cgi?id=1510054
bugzilla.redhat.com/show_bug.cgi?id=1510142
bugzilla.redhat.com/show_bug.cgi?id=1510175
bugzilla.redhat.com/show_bug.cgi?id=1510241
bugzilla.redhat.com/show_bug.cgi?id=1510564
bugzilla.redhat.com/show_bug.cgi?id=1510698
bugzilla.redhat.com/show_bug.cgi?id=1511032
bugzilla.redhat.com/show_bug.cgi?id=1511125
bugzilla.redhat.com/show_bug.cgi?id=1511130
bugzilla.redhat.com/show_bug.cgi?id=1511135
bugzilla.redhat.com/show_bug.cgi?id=1511142
bugzilla.redhat.com/show_bug.cgi?id=1511144
bugzilla.redhat.com/show_bug.cgi?id=1511147
bugzilla.redhat.com/show_bug.cgi?id=1511196
bugzilla.redhat.com/show_bug.cgi?id=1511502
bugzilla.redhat.com/show_bug.cgi?id=1511517
bugzilla.redhat.com/show_bug.cgi?id=1511528
bugzilla.redhat.com/show_bug.cgi?id=1511548
bugzilla.redhat.com/show_bug.cgi?id=1511595
bugzilla.redhat.com/show_bug.cgi?id=1512661
bugzilla.redhat.com/show_bug.cgi?id=1512665
bugzilla.redhat.com/show_bug.cgi?id=1512667
bugzilla.redhat.com/show_bug.cgi?id=1512694
bugzilla.redhat.com/show_bug.cgi?id=1512695
bugzilla.redhat.com/show_bug.cgi?id=1512706
bugzilla.redhat.com/show_bug.cgi?id=1512728
bugzilla.redhat.com/show_bug.cgi?id=1512955
bugzilla.redhat.com/show_bug.cgi?id=1512967
bugzilla.redhat.com/show_bug.cgi?id=1513124
bugzilla.redhat.com/show_bug.cgi?id=1513509
bugzilla.redhat.com/show_bug.cgi?id=1513699
bugzilla.redhat.com/show_bug.cgi?id=1514139
bugzilla.redhat.com/show_bug.cgi?id=1514184
bugzilla.redhat.com/show_bug.cgi?id=1514570
bugzilla.redhat.com/show_bug.cgi?id=1515367
bugzilla.redhat.com/show_bug.cgi?id=1515402
bugzilla.redhat.com/show_bug.cgi?id=1515407
bugzilla.redhat.com/show_bug.cgi?id=1515416
bugzilla.redhat.com/show_bug.cgi?id=1515426
bugzilla.redhat.com/show_bug.cgi?id=1515483
bugzilla.redhat.com/show_bug.cgi?id=1518357
bugzilla.redhat.com/show_bug.cgi?id=1518368
bugzilla.redhat.com/show_bug.cgi?id=1518372
bugzilla.redhat.com/show_bug.cgi?id=1518374
bugzilla.redhat.com/show_bug.cgi?id=1518383
bugzilla.redhat.com/show_bug.cgi?id=1518392
bugzilla.redhat.com/show_bug.cgi?id=1518600
bugzilla.redhat.com/show_bug.cgi?id=1519809
bugzilla.redhat.com/show_bug.cgi?id=1519910
bugzilla.redhat.com/show_bug.cgi?id=1519915
bugzilla.redhat.com/show_bug.cgi?id=1519987
bugzilla.redhat.com/show_bug.cgi?id=1520541
bugzilla.redhat.com/show_bug.cgi?id=1520557
bugzilla.redhat.com/show_bug.cgi?id=1521036
bugzilla.redhat.com/show_bug.cgi?id=1522951
bugzilla.redhat.com/show_bug.cgi?id=1523402
bugzilla.redhat.com/show_bug.cgi?id=1523404
bugzilla.redhat.com/show_bug.cgi?id=1523408
bugzilla.redhat.com/show_bug.cgi?id=1523771
bugzilla.redhat.com/show_bug.cgi?id=1523773
bugzilla.redhat.com/show_bug.cgi?id=1523774
bugzilla.redhat.com/show_bug.cgi?id=1523777
bugzilla.redhat.com/show_bug.cgi?id=1523788
bugzilla.redhat.com/show_bug.cgi?id=1523851
bugzilla.redhat.com/show_bug.cgi?id=1523855
bugzilla.redhat.com/show_bug.cgi?id=1524646
bugzilla.redhat.com/show_bug.cgi?id=1525092
bugzilla.redhat.com/show_bug.cgi?id=1525551
bugzilla.redhat.com/show_bug.cgi?id=1525563
bugzilla.redhat.com/show_bug.cgi?id=1525583
bugzilla.redhat.com/show_bug.cgi?id=1526040
bugzilla.redhat.com/show_bug.cgi?id=1526473
bugzilla.redhat.com/show_bug.cgi?id=1527676
bugzilla.redhat.com/show_bug.cgi?id=1530653
bugzilla.redhat.com/show_bug.cgi?id=1530708
bugzilla.redhat.com/show_bug.cgi?id=1530717
bugzilla.redhat.com/show_bug.cgi?id=1531146
bugzilla.redhat.com/show_bug.cgi?id=1531147
bugzilla.redhat.com/show_bug.cgi?id=1531156
bugzilla.redhat.com/show_bug.cgi?id=1531161
bugzilla.redhat.com/show_bug.cgi?id=1531177
bugzilla.redhat.com/show_bug.cgi?id=1531178
bugzilla.redhat.com/show_bug.cgi?id=1531256
bugzilla.redhat.com/show_bug.cgi?id=1531261
bugzilla.redhat.com/show_bug.cgi?id=1531262
bugzilla.redhat.com/show_bug.cgi?id=1531274
bugzilla.redhat.com/show_bug.cgi?id=1531554
bugzilla.redhat.com/show_bug.cgi?id=1531615
bugzilla.redhat.com/show_bug.cgi?id=1531618
bugzilla.redhat.com/show_bug.cgi?id=1531619
bugzilla.redhat.com/show_bug.cgi?id=1532328
bugzilla.redhat.com/show_bug.cgi?id=1532854
bugzilla.redhat.com/show_bug.cgi?id=1532857
bugzilla.redhat.com/show_bug.cgi?id=1533167
bugzilla.redhat.com/show_bug.cgi?id=1533169
bugzilla.redhat.com/show_bug.cgi?id=1533171
bugzilla.redhat.com/show_bug.cgi?id=1534584
bugzilla.redhat.com/show_bug.cgi?id=1534589
bugzilla.redhat.com/show_bug.cgi?id=1534591
bugzilla.redhat.com/show_bug.cgi?id=1534601
bugzilla.redhat.com/show_bug.cgi?id=1536052
bugzilla.redhat.com/show_bug.cgi?id=1536672
bugzilla.redhat.com/show_bug.cgi?id=1537015
bugzilla.redhat.com/show_bug.cgi?id=1537145
bugzilla.redhat.com/show_bug.cgi?id=1537284
bugzilla.redhat.com/show_bug.cgi?id=1538349
bugzilla.redhat.com/show_bug.cgi?id=1538350
bugzilla.redhat.com/show_bug.cgi?id=1538351
bugzilla.redhat.com/show_bug.cgi?id=1539752
bugzilla.redhat.com/show_bug.cgi?id=1540699
bugzilla.redhat.com/show_bug.cgi?id=1541072
bugzilla.redhat.com/show_bug.cgi?id=1542170
bugzilla.redhat.com/show_bug.cgi?id=1542240
bugzilla.redhat.com/show_bug.cgi?id=1542577
bugzilla.redhat.com/show_bug.cgi?id=1542741
bugzilla.redhat.com/show_bug.cgi?id=1543121
bugzilla.redhat.com/show_bug.cgi?id=1543150
bugzilla.redhat.com/show_bug.cgi?id=1543172
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
7.4 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
0.001 Low
EPSS
Percentile
31.0%