6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.7%
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:2179 advisory.
The ovirt-engine package provides the manager for virtualization environments.
This manager enables admins to define hosts and networks, as well as to add storage, create VMs and manage user permissions.
A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
Security Fix(es):
* nodejs-lodash: command injection via template (CVE-2021-23337)
* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* This release adds the queue attribute to the virtio-scsi driver in the virtual machine configuration.
This improvement enables multi-queue performance with the virtio-scsi driver. (BZ#911394)
* With this release, source-load-balancing has been added as a new sub-option for xmit_hash_policy. It can be configured for bond modes balance-xor (2), 802.3ad (4) and balance-tlb (5), by specifying xmit_hash_policy=vlan+srcmac. (BZ#1683987)
* The default DataCenter/Cluster will be set to compatibility level 4.6 on new installations of Red Hat Virtualization 4.4.6.; (BZ#1950348)
* With this release, support has been added for copying disks between regular Storage Domains and Managed Block Storage Domains.
It is now possible to migrate disks between Managed Block Storage Domains and regular Storage Domains.
(BZ#1906074)
* Previously, the engine-config value LiveSnapshotPerformFreezeInEngine was set by default to false and was supposed to be uses in cluster compatibility levels below 4.4. The value was set to general version.
With this release, each cluster level has it's own value, defaulting to false for 4.4 and above. This will reduce unnecessary overhead in removing time outs of the file system freeze command. (BZ#1932284)
* With this release, running virtual machines is supported for up to 16TB of RAM on x86_64 architectures.
(BZ#1944723)
* This release adds the gathering of oVirt/RHV related certificates to allow easier debugging of issues for faster customer help and issue resolution.
Information from certificates is now included as part of the sosreport. Note that no corresponding private key information is gathered, due to security considerations. (BZ#1845877)
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2021:2179. The text
# itself is copyright (C) Red Hat, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(150124);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");
script_cve_id("CVE-2020-28500", "CVE-2021-23337");
script_xref(name:"RHSA", value:"2021:2179");
script_name(english:"RHEL 8 : RHV Manager security update (ovirt-engine) [ovirt-4.4.6] (Moderate) (RHSA-2021:2179)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for RHV Manager.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2021:2179 advisory.
The ovirt-engine package provides the manager for virtualization environments.
This manager enables admins to define hosts and networks, as well as to add
storage, create VMs and manage user permissions.
A list of bugs fixed in this update is available in the Technical Notes
book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
Security Fix(es):
* nodejs-lodash: command injection via template (CVE-2021-23337)
* nodejs-lodash: ReDoS via the toNumber, trim and trimEnd functions (CVE-2020-28500)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and
other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* This release adds the queue attribute to the virtio-scsi driver in the virtual machine configuration.
This improvement enables multi-queue performance with the virtio-scsi driver. (BZ#911394)
* With this release, source-load-balancing has been added as a new sub-option for xmit_hash_policy. It can
be configured for bond modes balance-xor (2), 802.3ad (4) and balance-tlb (5), by specifying
xmit_hash_policy=vlan+srcmac. (BZ#1683987)
* The default DataCenter/Cluster will be set to compatibility level 4.6 on new installations of Red Hat
Virtualization 4.4.6.; (BZ#1950348)
* With this release, support has been added for copying disks between regular Storage Domains and Managed
Block Storage Domains.
It is now possible to migrate disks between Managed Block Storage Domains and regular Storage Domains.
(BZ#1906074)
* Previously, the engine-config value LiveSnapshotPerformFreezeInEngine was set by default to false and
was supposed to be uses in cluster compatibility levels below 4.4. The value was set to general version.
With this release, each cluster level has it's own value, defaulting to false for 4.4 and above. This will
reduce unnecessary overhead in removing time outs of the file system freeze command. (BZ#1932284)
* With this release, running virtual machines is supported for up to 16TB of RAM on x86_64 architectures.
(BZ#1944723)
* This release adds the gathering of oVirt/RHV related certificates to allow easier debugging of issues
for faster customer help and issue resolution.
Information from certificates is now included as part of the sosreport. Note that no corresponding private
key information is gathered, due to security considerations. (BZ#1845877)
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b4e9fb3f");
# https://access.redhat.com/security/data/csaf/v2/advisories/2021/rhsa-2021_2179.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ef72b39b");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2021:2179");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1113630");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1310330");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1589763");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1621421");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1717411");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1766414");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1775145");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1821199");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1845877");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1875363");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1906074");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1910858");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1917718");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1919195");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1919984");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1924610");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1926018");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1926823");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1928158");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1928188");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1928937");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1928954");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1929211");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1930522");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1930565");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1930895");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1932284");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1935073");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1942083");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1943267");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1944723");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1948577");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1949543");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1949547");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1950348");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1950466");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1954401");
script_set_attribute(attribute:"solution", value:
"Update the RHEL RHV Manager package based on the guidance in RHSA-2021:2179.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-23337");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(78, 400);
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/02/15");
script_set_attribute(attribute:"patch_publication_date", value:"2021/06/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2021/06/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-ui-extensions");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-web-ui");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2021-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/debug',
'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/os',
'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/source/SRPMS'
],
'pkgs': [
{'reference':'ovirt-engine-ui-extensions-1.2.6-1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-'},
{'reference':'ovirt-web-ui-1.6.9-1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-'}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ovirt-engine-ui-extensions / ovirt-web-ui');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | ovirt-engine-ui-extensions | p-cpe:/a:redhat:enterprise_linux:ovirt-engine-ui-extensions |
redhat | enterprise_linux | ovirt-web-ui | p-cpe:/a:redhat:enterprise_linux:ovirt-web-ui |
redhat | enterprise_linux | 8 | cpe:/o:redhat:enterprise_linux:8 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-28500
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23337
www.nessus.org/u?b4e9fb3f
www.nessus.org/u?ef72b39b
access.redhat.com/errata/RHSA-2021:2179
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1113630
bugzilla.redhat.com/show_bug.cgi?id=1310330
bugzilla.redhat.com/show_bug.cgi?id=1589763
bugzilla.redhat.com/show_bug.cgi?id=1621421
bugzilla.redhat.com/show_bug.cgi?id=1717411
bugzilla.redhat.com/show_bug.cgi?id=1766414
bugzilla.redhat.com/show_bug.cgi?id=1775145
bugzilla.redhat.com/show_bug.cgi?id=1821199
bugzilla.redhat.com/show_bug.cgi?id=1845877
bugzilla.redhat.com/show_bug.cgi?id=1875363
bugzilla.redhat.com/show_bug.cgi?id=1906074
bugzilla.redhat.com/show_bug.cgi?id=1910858
bugzilla.redhat.com/show_bug.cgi?id=1917718
bugzilla.redhat.com/show_bug.cgi?id=1919195
bugzilla.redhat.com/show_bug.cgi?id=1919984
bugzilla.redhat.com/show_bug.cgi?id=1924610
bugzilla.redhat.com/show_bug.cgi?id=1926018
bugzilla.redhat.com/show_bug.cgi?id=1926823
bugzilla.redhat.com/show_bug.cgi?id=1928158
bugzilla.redhat.com/show_bug.cgi?id=1928188
bugzilla.redhat.com/show_bug.cgi?id=1928937
bugzilla.redhat.com/show_bug.cgi?id=1928954
bugzilla.redhat.com/show_bug.cgi?id=1929211
bugzilla.redhat.com/show_bug.cgi?id=1930522
bugzilla.redhat.com/show_bug.cgi?id=1930565
bugzilla.redhat.com/show_bug.cgi?id=1930895
bugzilla.redhat.com/show_bug.cgi?id=1932284
bugzilla.redhat.com/show_bug.cgi?id=1935073
bugzilla.redhat.com/show_bug.cgi?id=1942083
bugzilla.redhat.com/show_bug.cgi?id=1943267
bugzilla.redhat.com/show_bug.cgi?id=1944723
bugzilla.redhat.com/show_bug.cgi?id=1948577
bugzilla.redhat.com/show_bug.cgi?id=1949543
bugzilla.redhat.com/show_bug.cgi?id=1949547
bugzilla.redhat.com/show_bug.cgi?id=1950348
bugzilla.redhat.com/show_bug.cgi?id=1950466
bugzilla.redhat.com/show_bug.cgi?id=1954401
6.5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
7.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
7.5 High
AI Score
Confidence
High
0.006 Low
EPSS
Percentile
78.7%