Lucene search
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2022-7822.NASLHistoryNov 09, 2022 - 12:00 a.m.
RHEL 8 : container-tools:rhel8 (RHSA-2022:7822)
2022-11-0900:00:00
This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
red hat
enterprise
linux 8
podman
buildah
cve-2022-2989
cve-2022-2990
information disclosure
modification
vulnerability
update
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.8 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.8%
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:7822 advisory.
-
podman: possible information disclosure and modification (CVE-2022-2989)
-
buildah: possible information disclosure and modification (CVE-2022-2990)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2022:7822. The text
# itself is copyright (C) Red Hat, Inc.
##
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(167179);
script_version("1.7");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/28");
script_cve_id("CVE-2022-2989", "CVE-2022-2990");
script_xref(name:"RHSA", value:"2022:7822");
script_name(english:"RHEL 8 : container-tools:rhel8 (RHSA-2022:7822)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2022:7822 advisory.
- podman: possible information disclosure and modification (CVE-2022-2989)
- buildah: possible information disclosure and modification (CVE-2022-2990)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_7822.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6f39e7cd");
# https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?790bc9ea");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#low");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2121445");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2121453");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2125644");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2125645");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2125647");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2125648");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2125686");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2129767");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2130234");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2130236");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2130911");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2132360");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2132412");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2132992");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2133390");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2136406");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2136433");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2136438");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2137295");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2022:7822");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-2990");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(842);
script_set_attribute(attribute:"vendor_severity", value:"Low");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/09/13");
script_set_attribute(attribute:"patch_publication_date", value:"2022/11/08");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/11/09");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:aardvark-dns");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:buildah");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:buildah-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cockpit-podman");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:conmon");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:container-selinux");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:containers-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:crit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:criu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:criu-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:criu-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:crun");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:fuse-overlayfs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libslirp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libslirp-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:netavark");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:oci-seccomp-bpf-hook");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-catatonit");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-docker");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-gvproxy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-plugins");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-remote");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:podman-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-podman");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-criu");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-podman");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:runc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:skopeo");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:skopeo-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:slirp4netns");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:toolbox");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:toolbox-tests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:udica");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var appstreams = {
'container-tools:rhel8': [
{
'repo_relative_urls': [
'content/dist/rhel8/8.10/aarch64/appstream/debug',
'content/dist/rhel8/8.10/aarch64/appstream/os',
'content/dist/rhel8/8.10/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.10/ppc64le/appstream/debug',
'content/dist/rhel8/8.10/ppc64le/appstream/os',
'content/dist/rhel8/8.10/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.10/s390x/appstream/debug',
'content/dist/rhel8/8.10/s390x/appstream/os',
'content/dist/rhel8/8.10/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.10/x86_64/appstream/debug',
'content/dist/rhel8/8.10/x86_64/appstream/os',
'content/dist/rhel8/8.10/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8.6/aarch64/appstream/debug',
'content/dist/rhel8/8.6/aarch64/appstream/os',
'content/dist/rhel8/8.6/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.6/ppc64le/appstream/debug',
'content/dist/rhel8/8.6/ppc64le/appstream/os',
'content/dist/rhel8/8.6/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.6/s390x/appstream/debug',
'content/dist/rhel8/8.6/s390x/appstream/os',
'content/dist/rhel8/8.6/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.6/x86_64/appstream/debug',
'content/dist/rhel8/8.6/x86_64/appstream/os',
'content/dist/rhel8/8.6/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8.8/aarch64/appstream/debug',
'content/dist/rhel8/8.8/aarch64/appstream/os',
'content/dist/rhel8/8.8/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.8/ppc64le/appstream/debug',
'content/dist/rhel8/8.8/ppc64le/appstream/os',
'content/dist/rhel8/8.8/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.8/s390x/appstream/debug',
'content/dist/rhel8/8.8/s390x/appstream/os',
'content/dist/rhel8/8.8/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.8/x86_64/appstream/debug',
'content/dist/rhel8/8.8/x86_64/appstream/os',
'content/dist/rhel8/8.8/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8.9/aarch64/appstream/debug',
'content/dist/rhel8/8.9/aarch64/appstream/os',
'content/dist/rhel8/8.9/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.9/ppc64le/appstream/debug',
'content/dist/rhel8/8.9/ppc64le/appstream/os',
'content/dist/rhel8/8.9/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.9/s390x/appstream/debug',
'content/dist/rhel8/8.9/s390x/appstream/os',
'content/dist/rhel8/8.9/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.9/x86_64/appstream/debug',
'content/dist/rhel8/8.9/x86_64/appstream/os',
'content/dist/rhel8/8.9/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8/aarch64/appstream/debug',
'content/dist/rhel8/8/aarch64/appstream/os',
'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8/ppc64le/appstream/debug',
'content/dist/rhel8/8/ppc64le/appstream/os',
'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8/s390x/appstream/debug',
'content/dist/rhel8/8/s390x/appstream/os',
'content/dist/rhel8/8/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8/x86_64/appstream/debug',
'content/dist/rhel8/8/x86_64/appstream/os',
'content/dist/rhel8/8/x86_64/appstream/source/SRPMS'
],
'pkgs': [
{'reference':'aardvark-dns-1.1.0-5.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'buildah-1.27.2-2.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'buildah-tests-1.27.2-2.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'cockpit-podman-53-1.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'allowmaj':TRUE},
{'reference':'conmon-2.1.4-1.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'container-selinux-2.189.0-1.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'containernetworking-plugins-1.1.1-3.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'containers-common-1-43.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'allowmaj':TRUE},
{'reference':'crit-3.15-3.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-3.15-3.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-devel-3.15-3.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'criu-libs-3.15-3.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'crun-1.5-1.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'fuse-overlayfs-1.9-1.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-4.4.0-1.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'libslirp-devel-4.4.0-1.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'netavark-1.1.0-7.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'oci-seccomp-bpf-hook-1.2.6-1.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'podman-4.2.0-4.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'podman-catatonit-4.2.0-4.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'podman-docker-4.2.0-4.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'podman-gvproxy-4.2.0-4.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'podman-plugins-4.2.0-4.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'podman-remote-4.2.0-4.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'podman-tests-4.2.0-4.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'3'},
{'reference':'python3-criu-3.15-3.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-podman-4.2.1-1.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'runc-1.1.4-1.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
{'reference':'skopeo-1.9.3-1.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'skopeo-tests-1.9.3-1.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2'},
{'reference':'slirp4netns-1.2.0-2.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'toolbox-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'toolbox-tests-0.0.99.3-0.6.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'udica-0.2.6-3.module+el8.7.0+17064+3b31f55c', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
}
]
};
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var module_ver = get_kb_item('Host/RedHat/appstream/container-tools');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:rhel8');
if ('rhel8' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module container-tools:' + module_ver);
var flag = 0;
var appstreams_found = 0;
foreach var module (keys(appstreams)) {
var appstream = NULL;
var appstream_name = NULL;
var appstream_version = NULL;
var appstream_split = split(module, sep:':', keep:FALSE);
if (!empty_or_null(appstream_split)) {
appstream_name = appstream_split[0];
appstream_version = appstream_split[1];
if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);
}
if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
appstreams_found++;
foreach var module_array ( appstreams[module] ) {
var repo_relative_urls = NULL;
if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];
foreach var package_array ( module_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
}
}
if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module container-tools:rhel8');
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'aardvark-dns / buildah / buildah-tests / cockpit-podman / conmon / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | 8 | cpe:/o:redhat:enterprise_linux:8 |
| redhat | enterprise_linux | aardvark-dns | p-cpe:/a:redhat:enterprise_linux:aardvark-dns |
| redhat | enterprise_linux | buildah | p-cpe:/a:redhat:enterprise_linux:buildah |
| redhat | enterprise_linux | buildah-tests | p-cpe:/a:redhat:enterprise_linux:buildah-tests |
| redhat | enterprise_linux | cockpit-podman | p-cpe:/a:redhat:enterprise_linux:cockpit-podman |
| redhat | enterprise_linux | conmon | p-cpe:/a:redhat:enterprise_linux:conmon |
| redhat | enterprise_linux | container-selinux | p-cpe:/a:redhat:enterprise_linux:container-selinux |
| redhat | enterprise_linux | containernetworking-plugins | p-cpe:/a:redhat:enterprise_linux:containernetworking-plugins |
| redhat | enterprise_linux | containers-common | p-cpe:/a:redhat:enterprise_linux:containers-common |
| redhat | enterprise_linux | crit | p-cpe:/a:redhat:enterprise_linux:crit |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2989
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2990
www.nessus.org/u?6f39e7cd
www.nessus.org/u?790bc9ea
access.redhat.com/errata/RHSA-2022:7822
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=2121445
bugzilla.redhat.com/show_bug.cgi?id=2121453
bugzilla.redhat.com/show_bug.cgi?id=2125644
bugzilla.redhat.com/show_bug.cgi?id=2125645
bugzilla.redhat.com/show_bug.cgi?id=2125647
bugzilla.redhat.com/show_bug.cgi?id=2125648
bugzilla.redhat.com/show_bug.cgi?id=2125686
bugzilla.redhat.com/show_bug.cgi?id=2129767
bugzilla.redhat.com/show_bug.cgi?id=2130234
bugzilla.redhat.com/show_bug.cgi?id=2130236
bugzilla.redhat.com/show_bug.cgi?id=2130911
bugzilla.redhat.com/show_bug.cgi?id=2132360
bugzilla.redhat.com/show_bug.cgi?id=2132412
bugzilla.redhat.com/show_bug.cgi?id=2132992
bugzilla.redhat.com/show_bug.cgi?id=2133390
bugzilla.redhat.com/show_bug.cgi?id=2136406
bugzilla.redhat.com/show_bug.cgi?id=2136433
bugzilla.redhat.com/show_bug.cgi?id=2136438
bugzilla.redhat.com/show_bug.cgi?id=2137295
Related
nessus
nessus
Oracle Linux 8 : container-tools:ol8 (ELSA-2022-7822)
2022-11-23 00:00:00
RHEL 9 : podman (RHSA-2022:8431)
2022-11-16 00:00:00
Rocky Linux 8 : container-tools:rhel8 (RLSA-2022:7822)
2023-11-07 00:00:00
almalinux
almalinux
Low: podman security, bug fix, and enhancement update
2022-11-15 00:00:00
Low: container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 00:00:00
Moderate: buildah security and bug fix update
2022-11-15 00:00:00
redhat
redhat
(RHSA-2022:7822) Low: container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 10:51:15
(RHSA-2022:8431) Low: podman security, bug fix, and enhancement update
2022-11-15 15:35:37
(RHSA-2022:8008) Moderate: buildah security and bug fix update
2022-11-15 06:13:14
osv
osv
Low: container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 10:51:15
Low: container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 00:00:00
Low: podman security, bug fix, and enhancement update
2022-11-15 00:00:00
oraclelinux
oraclelinux
podman security, bug fix, and enhancement update
2022-11-24 00:00:00
container-tools:ol8 security, bug fix, and enhancement update
2022-11-22 00:00:00
buildah security and bug fix update
2022-11-22 00:00:00
rocky
rocky
container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 10:51:15
container-tools:rhel8 security, bug fix, and enhancement update
2022-11-08 06:20:07
cbl_mariner
cbl_mariner
CVE-2022-2990 affecting package buildah for versions less than 1.18.0-24
2024-04-17 23:32:37
CVE-2022-2990 affecting package buildah 1.18.0-8
2024-07-05 21:08:40
CVE-2022-2990 affecting package buildah for versions less than 1.18.0-17
2023-09-28 11:57:58
prion
prion
Information disclosure
2022-09-13 14:15:00
Information disclosure
2022-09-13 14:15:00
github
github
ubuntucve
ubuntucve
CVE-2022-2990
2022-09-13 00:00:00
CVE-2022-2989
2022-09-13 00:00:00
cvelist
cvelist
CVE-2022-2990
2022-09-13 13:44:21
CVE-2022-2989
2022-09-13 13:41:00
redhatcve
redhatcve
CVE-2022-2990
2022-08-25 14:10:09
CVE-2022-2989
2022-08-25 13:40:10
alpinelinux
alpinelinux
CVE-2022-2990
2022-09-13 14:15:08
CVE-2022-2989
2022-09-13 14:15:08
debiancve
debiancve
CVE-2022-2990
2022-09-13 14:15:08
CVE-2022-2989
2022-09-13 14:15:08
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:4099-1)
2023-10-18 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3820-1)
2022-11-01 00:00:00
SUSE: Security Advisory (SUSE-SU-2022:3819-1)
2022-11-01 00:00:00
veracode
veracode
Information Disclosure
2022-09-16 06:55:11
Information Disclosure
2022-09-16 06:34:58
nvd
nvd
CVE-2022-2990
2022-09-13 14:15:08
CVE-2022-2989
2022-09-13 14:15:08
cve
cve
CVE-2022-2990
2022-09-13 14:15:08
CVE-2022-2989
2022-09-13 14:15:08
suse
suse
Security update for podman (moderate)
2022-10-31 00:00:00
Security update for podman (moderate)
2022-10-31 00:00:00
Security update for buildah (important)
2022-10-26 00:00:00
ubuntu
ubuntu
Podman vulnerability
2023-08-16 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2023-2227
2023-09-05 09:31:53
mageia
mageia
Updated skopeo/buildah/podman packages fix security vulnerability
2023-07-07 08:54:45
gentoo
gentoo
podman: Multiple Vulnerabilities
2024-07-05 00:00:00
photon
photon
Critical Photon OS Security Update - PHSA-2023-4.0-0429
2023-07-18 00:00:00
7.1 High
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
7.8 High
AI Score
Confidence
High
0.0005 Low
EPSS
Percentile
17.8%
Related for REDHAT-RHSA-2022-7822.NASL