5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.1%
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:3387 advisory.
Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
Security fix(es):
foreman: Stored cross-site scripting in host tab(CVE-2023-0119)
This update fixes the following bugs:
2190469 - CVE-2023-0119 foreman: Stored cross-site scripting in host tab [rhn_satellite_6.13] 2190460 - Navigating to Capsules page on Satellite WebUI displays error Pulp plugin missing for synchronizable content types: . Repositories containing these content types will not be synced. for few seconds 2190470 - Host Detail button landed to old Host UI page 2190472 - wrong metadata if uploaded rpm have different name than name in rpm 2190473 - Getting NoMethodError undefined method `get_status' for nil:NilClass when publishing content view 2190509 - Incremental update of the content view takes long time to complete 2190512 - Error importing repositories with GPG key 2190513 - Satellite showing errata from module streams not installed on client as upgradable/installable when content is imported (not synced) 2191657 - Importing Red Hat Repository Import on Disconnected Red Hat Satellite taking huge time around 5 hours 2191659 - Misleading job status in the new host UI when running jobs in bulk 2196242 - Upgrade to Satellite 6.13 fails on db:seed step with error GraphQL::InvalidNameError: Names must match /^[_a-zA-Z][_a-zA-Z0-9]*$/ but 'RHEL OpenStack Platform' does not 2208642 - Support satellite-clone with Ansible running on Python 3.11 in RHEL 8.8
Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2023:3387. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(194239);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/04");
script_cve_id("CVE-2023-0119");
script_xref(name:"RHSA", value:"2023:3387");
script_name(english:"RHEL 8 : Satellite 6.13.1 Async Security Update (Moderate) (RHSA-2023:3387)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in
the RHSA-2023:3387 advisory.
Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.
Security fix(es):
foreman: Stored cross-site scripting in host tab(CVE-2023-0119)
This update fixes the following bugs:
2190469 - CVE-2023-0119 foreman: Stored cross-site scripting in host tab [rhn_satellite_6.13]
2190460 - Navigating to Capsules page on Satellite WebUI displays error Pulp plugin missing for
synchronizable content types: . Repositories containing these content types will not be synced. for few
seconds
2190470 - Host Detail button landed to old Host UI page
2190472 - wrong metadata if uploaded rpm have different name than name in rpm
2190473 - Getting NoMethodError undefined method `get_status' for nil:NilClass when publishing content
view
2190509 - Incremental update of the content view takes long time to complete
2190512 - Error importing repositories with GPG key
2190513 - Satellite showing errata from module streams not installed on client as upgradable/installable
when content is imported (not synced)
2191657 - Importing Red Hat Repository Import on Disconnected Red Hat Satellite taking huge time around
5 hours
2191659 - Misleading job status in the new host UI when running jobs in bulk
2196242 - Upgrade to Satellite 6.13 fails on db:seed step with error GraphQL::InvalidNameError: Names must
match /^[_a-zA-Z][_a-zA-Z0-9]*$/ but 'RHEL OpenStack Platform' does not
2208642 - Support satellite-clone with Ansible running on Python 3.11 in RHEL 8.8
Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2159104");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2190460");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2190464");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2190470");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2190472");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2190473");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2190509");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2190512");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2190513");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2191657");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2191659");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2196242");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2208642");
# https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_3387.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?8b479853");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2023:3387");
script_set_attribute(attribute:"solution", value:
"Update the affected foreman package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-0119");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(79);
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/05/31");
script_set_attribute(attribute:"patch_publication_date", value:"2023/05/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:foreman");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/layered/rhel8/x86_64/sat-capsule/6.13/debug',
'content/dist/layered/rhel8/x86_64/sat-capsule/6.13/os',
'content/dist/layered/rhel8/x86_64/sat-capsule/6.13/source/SRPMS',
'content/dist/layered/rhel8/x86_64/sat-utils/6.13/debug',
'content/dist/layered/rhel8/x86_64/sat-utils/6.13/os',
'content/dist/layered/rhel8/x86_64/sat-utils/6.13/source/SRPMS',
'content/dist/layered/rhel8/x86_64/satellite/6.13/debug',
'content/dist/layered/rhel8/x86_64/satellite/6.13/os',
'content/dist/layered/rhel8/x86_64/satellite/6.13/source/SRPMS'
],
'pkgs': [
{'reference':'foreman-3.5.1.17-1.el8sat', 'release':'8', 'el_string':'el8sat', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6'}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'foreman');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | foreman | p-cpe:/a:redhat:enterprise_linux:foreman |
redhat | enterprise_linux | 8 | cpe:/o:redhat:enterprise_linux:8 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-0119
www.nessus.org/u?8b479853
access.redhat.com/errata/RHSA-2023:3387
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=2159104
bugzilla.redhat.com/show_bug.cgi?id=2190460
bugzilla.redhat.com/show_bug.cgi?id=2190464
bugzilla.redhat.com/show_bug.cgi?id=2190470
bugzilla.redhat.com/show_bug.cgi?id=2190472
bugzilla.redhat.com/show_bug.cgi?id=2190473
bugzilla.redhat.com/show_bug.cgi?id=2190509
bugzilla.redhat.com/show_bug.cgi?id=2190512
bugzilla.redhat.com/show_bug.cgi?id=2190513
bugzilla.redhat.com/show_bug.cgi?id=2191657
bugzilla.redhat.com/show_bug.cgi?id=2191659
bugzilla.redhat.com/show_bug.cgi?id=2196242
bugzilla.redhat.com/show_bug.cgi?id=2208642
5.4 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
5.8 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
30.1%