5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
60.5%
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2022:1478 advisory.
Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
Security Fix(es):
2023859 CVE-2021-27023 - puppet: unsafe HTTP redirect
This update fixes the following bugs:
1929347 pulp3: Ensure migration plugin runs in FIPS mode and respects the ALLOWED_CONTENT_CHECKSUMS configuration 1992267 Incorrect puppet module count when a content view is added to the composite content view.
1998796 Pulp 3 migration failed with missing repositories.
2005392 If the migration plan is empty, all repositories get migrated.
2019563 Missing fields on MD5 repos in repomd.xml on a FIPS enabled satellite 2025804 Option Verify Checksum not listed under Advanced Sync Options 2027086 The katello:pulp3_migration reports wrong failed component names if one or all pulp3 related services has failed to start during content-migration process 2027127 Pulp 2 to 3 migration fails on certain repos during the upgrade with FileNotFoundError: [Errno 2] No such file or directory: in prepare_metadata_files 2027250 CVE-2021-27023 puppetserver: puppet: unsafe HTTP redirect [rhn_satellite_6.9] 2027253 CVE-2021-27023 puppet-agent: puppet: unsafe HTTP redirect [rhn_satellite_6.9] 2032843 pulp3: 2to3 migration fails with Katello::Errors::Pulp3Error: the cursor;_django_curs_XXXX_XXXX does not exist 2033951 [Pulp3] The pulp2-3 migration fails to migrate Alma Linux BaseOS repo with error Katello::Errors::Pulp3Error: No declared artifact with relative path images boot.iso 2038739 Extremely difficult to tell what repositories to Verify Checksum on when there are hundreds or thousands of packages listed as corrupted 2038742 pulp3 content migration failed with Katello::Errors::Pulp3Error: local variable item referenced before assignment 2039059 Pulp3: Migration fails with error Katello::Errors::Pulp3Error: Empty variable tag 2039112 pulp3 migration stats drastically underestimate migration times 2043742 foreman-rake katello:approve_corrupted_migration_content fails with services 2043933 The pulp2-pulp3 migration should fail if not all the errata content has been migrated while upgrading to Satellite 6.10 2051970 pulp2to3 migration fails to migrate docker_blob content due to aggregate mongo 100M limit 2061715 Publication creation (during migration to pulp3 as well) can fail if pulp is NFS share
Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 70300
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2022:1478. The text
# itself is copyright (C) Red Hat, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(160039);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");
script_cve_id("CVE-2021-27023");
script_xref(name:"RHSA", value:"2022:1478");
script_name(english:"RHEL 7 : Satellite 6.9.9 Async Bug Fix Update (Important) (RHSA-2022:1478)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in
the RHSA-2022:1478 advisory.
Red Hat Satellite is a system management solution that allows organizations to configure and maintain
their systems without the necessity to provide public Internet access to their servers or other client
systems. It performs provisioning and configuration management of predefined standard operating
environments.
Security Fix(es):
2023859 CVE-2021-27023 - puppet: unsafe HTTP redirect
This update fixes the following bugs:
1929347 pulp3: Ensure migration plugin runs in FIPS mode and respects the ALLOWED_CONTENT_CHECKSUMS
configuration
1992267 Incorrect puppet module count when a content view is added to the composite content view.
1998796 Pulp 3 migration failed with missing repositories.
2005392 If the migration plan is empty, all repositories get migrated.
2019563 Missing fields on MD5 repos in repomd.xml on a FIPS enabled satellite
2025804 Option Verify Checksum not listed under Advanced Sync Options
2027086 The katello:pulp3_migration reports wrong failed component names if one or all pulp3 related
services has failed to start during content-migration process
2027127 Pulp 2 to 3 migration fails on certain repos during the upgrade with FileNotFoundError: [Errno 2]
No such file or directory: in prepare_metadata_files
2027250 CVE-2021-27023 puppetserver: puppet: unsafe HTTP redirect [rhn_satellite_6.9]
2027253 CVE-2021-27023 puppet-agent: puppet: unsafe HTTP redirect [rhn_satellite_6.9]
2032843 pulp3: 2to3 migration fails with Katello::Errors::Pulp3Error: the cursor;_django_curs_XXXX_XXXX
does not exist
2033951 [Pulp3] The pulp2-3 migration fails to migrate Alma Linux BaseOS repo with error
Katello::Errors::Pulp3Error: No declared artifact with relative path images boot.iso
2038739 Extremely difficult to tell what repositories to Verify Checksum on when there are hundreds or
thousands of packages listed as corrupted
2038742 pulp3 content migration failed with Katello::Errors::Pulp3Error: local variable item referenced
before assignment
2039059 Pulp3: Migration fails with error Katello::Errors::Pulp3Error: Empty variable tag
2039112 pulp3 migration stats drastically underestimate migration times
2043742 foreman-rake katello:approve_corrupted_migration_content fails with services
2043933 The pulp2-pulp3 migration should fail if not all the errata content has been migrated while
upgrading to Satellite 6.10
2051970 pulp2to3 migration fails to migrate docker_blob content due to aggregate mongo 100M limit
2061715 Publication creation (during migration to pulp3 as well) can fail if pulp is NFS share
Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_1478.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?c09731dd");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2022:1478");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1929347");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1992267");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1998796");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2005392");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2019563");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2023859");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2025804");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2027086");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2027127");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2032843");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2033951");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2038739");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2038742");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2039059");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2039112");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043742");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043933");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2051970");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2061715");
script_set_attribute(attribute:"solution", value:
"Update the affected puppet-agent and / or puppetserver packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-27023");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(200);
script_set_attribute(attribute:"vendor_severity", value:"Important");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/18");
script_set_attribute(attribute:"patch_publication_date", value:"2022/04/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/04/21");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:puppet-agent");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:puppetserver");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.9/debug',
'content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.9/os',
'content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.9/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/satellite/6.9/debug',
'content/dist/rhel/server/7/7Server/x86_64/satellite/6.9/os',
'content/dist/rhel/server/7/7Server/x86_64/satellite/6.9/source/SRPMS'
],
'pkgs': [
{'reference':'puppet-agent-6.26.0-1.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},
{'reference':'puppetserver-6.18.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'puppet-agent / puppetserver');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | puppet-agent | p-cpe:/a:redhat:enterprise_linux:puppet-agent |
redhat | enterprise_linux | puppetserver | p-cpe:/a:redhat:enterprise_linux:puppetserver |
redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27023
www.nessus.org/u?c09731dd
access.redhat.com/errata/RHSA-2022:1478
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=1929347
bugzilla.redhat.com/show_bug.cgi?id=1992267
bugzilla.redhat.com/show_bug.cgi?id=1998796
bugzilla.redhat.com/show_bug.cgi?id=2005392
bugzilla.redhat.com/show_bug.cgi?id=2019563
bugzilla.redhat.com/show_bug.cgi?id=2023859
bugzilla.redhat.com/show_bug.cgi?id=2025804
bugzilla.redhat.com/show_bug.cgi?id=2027086
bugzilla.redhat.com/show_bug.cgi?id=2027127
bugzilla.redhat.com/show_bug.cgi?id=2032843
bugzilla.redhat.com/show_bug.cgi?id=2033951
bugzilla.redhat.com/show_bug.cgi?id=2038739
bugzilla.redhat.com/show_bug.cgi?id=2038742
bugzilla.redhat.com/show_bug.cgi?id=2039059
bugzilla.redhat.com/show_bug.cgi?id=2039112
bugzilla.redhat.com/show_bug.cgi?id=2043742
bugzilla.redhat.com/show_bug.cgi?id=2043933
bugzilla.redhat.com/show_bug.cgi?id=2051970
bugzilla.redhat.com/show_bug.cgi?id=2061715
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.4 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
60.5%