5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
60.5%
The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:1708 advisory.
Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
Security Fix(es):
2023859 puppet: unsafe HTTP redirect (CVE-2021-27023) 2023853 puppet: silent configuration failure in agent (CVE-2021-27025)
This update fixes the following bugs:
2070996 Upgrade to Satellite 6.10 fails at db:migrate stage if there are errata reference present for some ostree\puppet type repos 2070991 Warning: postgresql.service changed on disk, when calling foreman-maintain service restart 2071004 Config report upload failed with No smart proxy server found on [capsule.example.com] and is not in trusted_hosts 2070984 Uploading external DISA SCAP content to satellite 6.10 fails with exception Invalid SCAP file type 2075031 Content Import does not delete version on failure 2070985 Upgrading from Satellite 6.9 to Satellite 6.10.3 fails with error undefined method operatingsystems for nil:NilClass during the db:migrate step 2070994 Index content is creating duplicated errata in katello_erratum table after upgrading to Satellite 6.10 2070999 Fail to import contents when the connected and disconnected Satellite have different product labels for the same product 2071002 Error when importing content and same package belongs to multiple repositories 2071006 Content not accessible after importing 2076979 Wrong satellite version on login screen 2077046 Upgrade fails during db:migrate with PG::ForeignKeyViolation: ERROR: update or delete on table katello_errata violates foreign key constraint katello_content_facet_errata_errata_id
Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2022:1708. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(160534);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");
script_cve_id("CVE-2021-27023", "CVE-2021-27025");
script_xref(name:"RHSA", value:"2022:1708");
script_name(english:"RHEL 7 : Satellite 6.10.5 Async Bug Fix Update (Important) (RHSA-2022:1708)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2022:1708 advisory.
Red Hat Satellite is a system management solution that allows organizations to configure and maintain
their systems without the necessity to provide public Internet access to their servers or other client
systems. It performs provisioning and configuration management of predefined standard operating
environments.
Security Fix(es):
2023859 puppet: unsafe HTTP redirect (CVE-2021-27023)
2023853 puppet: silent configuration failure in agent (CVE-2021-27025)
This update fixes the following bugs:
2070996 Upgrade to Satellite 6.10 fails at db:migrate stage if there are errata reference present for some
ostree\puppet type repos
2070991 Warning: postgresql.service changed on disk, when calling foreman-maintain service restart
2071004 Config report upload failed with No smart proxy server found on [capsule.example.com] and is not
in trusted_hosts
2070984 Uploading external DISA SCAP content to satellite 6.10 fails with exception Invalid SCAP file
type
2075031 Content Import does not delete version on failure
2070985 Upgrading from Satellite 6.9 to Satellite 6.10.3 fails with error undefined method
operatingsystems for nil:NilClass during the db:migrate step
2070994 Index content is creating duplicated errata in katello_erratum table after upgrading to Satellite
6.10
2070999 Fail to import contents when the connected and disconnected Satellite have different product
labels for the same product
2071002 Error when importing content and same package belongs to multiple repositories
2071006 Content not accessible after importing
2076979 Wrong satellite version on login screen
2077046 Upgrade fails during db:migrate with PG::ForeignKeyViolation: ERROR: update or delete on table
katello_errata violates foreign key constraint katello_content_facet_errata_errata_id
Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_1708.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?69322a6b");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2022:1708");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2023853");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2023859");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2070984");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2070985");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2070991");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2070994");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2070996");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2070999");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2071002");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2071004");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2071006");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2075031");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2076979");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2077046");
script_set_attribute(attribute:"solution", value:
"Update the affected puppet-agent and / or puppetserver packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-27023");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(200, 665);
script_set_attribute(attribute:"vendor_severity", value:"Important");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/11/18");
script_set_attribute(attribute:"patch_publication_date", value:"2022/05/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/05");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:puppet-agent");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:puppetserver");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.10/debug',
'content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.10/os',
'content/dist/rhel/server/7/7Server/x86_64/sat-capsule/6.10/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/satellite/6.10/debug',
'content/dist/rhel/server/7/7Server/x86_64/satellite/6.10/os',
'content/dist/rhel/server/7/7Server/x86_64/satellite/6.10/source/SRPMS'
],
'pkgs': [
{'reference':'puppet-agent-6.26.0-1.el7sat', 'cpu':'x86_64', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'},
{'reference':'puppetserver-6.18.0-1.el7sat', 'release':'7', 'el_string':'el7sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'puppet-agent / puppetserver');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | puppet-agent | p-cpe:/a:redhat:enterprise_linux:puppet-agent |
redhat | enterprise_linux | puppetserver | p-cpe:/a:redhat:enterprise_linux:puppetserver |
redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27023
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-27025
www.nessus.org/u?69322a6b
access.redhat.com/errata/RHSA-2022:1708
access.redhat.com/security/updates/classification/#important
bugzilla.redhat.com/show_bug.cgi?id=2023853
bugzilla.redhat.com/show_bug.cgi?id=2023859
bugzilla.redhat.com/show_bug.cgi?id=2070984
bugzilla.redhat.com/show_bug.cgi?id=2070985
bugzilla.redhat.com/show_bug.cgi?id=2070991
bugzilla.redhat.com/show_bug.cgi?id=2070994
bugzilla.redhat.com/show_bug.cgi?id=2070996
bugzilla.redhat.com/show_bug.cgi?id=2070999
bugzilla.redhat.com/show_bug.cgi?id=2071002
bugzilla.redhat.com/show_bug.cgi?id=2071004
bugzilla.redhat.com/show_bug.cgi?id=2071006
bugzilla.redhat.com/show_bug.cgi?id=2075031
bugzilla.redhat.com/show_bug.cgi?id=2076979
bugzilla.redhat.com/show_bug.cgi?id=2077046
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
8.7 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
60.5%