Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2023-3625.NASL
HistoryApr 28, 2024 - 12:00 a.m.

RHEL 8 : OpenShift Container Platform 4.10.62 (RHSA-2023:3625)

2024-04-2800:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
1
rhel 8
openshift
container platform
4.10.62
rhsa-2023:3625
xstream
springframework
jenkins-2-plugin
denial of service
security bypass
stored xss
missing permission check
csrf vulnerability
arbitrary file write

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.8%

JSON

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3625 advisory.

  • xstream: Denial of Service by injecting recursive collections or maps based on element’s hash values raising a stack overflow (CVE-2022-41966)

  • springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)

  • jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)

  • jenkins-2-plugin: email-ext: Missing permission check in Email Extension Plugin (CVE-2023-32979)

  • jenkins-2-plugin: email-ext: CSRF vulnerability in Email Extension Plugin (CVE-2023-32980)

  • jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility Steps Plugin (CVE-2023-32981)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2023:3625. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(194326);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/28");

  script_cve_id(
    "CVE-2022-41966",
    "CVE-2023-20860",
    "CVE-2023-32977",
    "CVE-2023-32979",
    "CVE-2023-32980",
    "CVE-2023-32981"
  );
  script_xref(name:"RHSA", value:"2023:3625");

  script_name(english:"RHEL 8 : OpenShift Container Platform 4.10.62 (RHSA-2023:3625)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for OpenShift Container Platform 4.10.62.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2023:3625 advisory.

  - xstream: Denial of Service by injecting recursive collections or maps based on element's hash values
    raising a stack overflow (CVE-2022-41966)

  - springframework: Security Bypass With Un-Prefixed Double Wildcard Pattern (CVE-2023-20860)

  - jenkins-2-plugin: workflow-job: Stored XSS vulnerability in Pipeline: Job Plugin (CVE-2023-32977)

  - jenkins-2-plugin: email-ext: Missing permission check in Email Extension Plugin (CVE-2023-32979)

  - jenkins-2-plugin: email-ext: CSRF vulnerability in Email Extension Plugin (CVE-2023-32980)

  - jenkins-2-plugin: pipeline-utility-steps: Arbitrary file write vulnerability on agents in Pipeline Utility
    Steps Plugin (CVE-2023-32981)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
  # https://docs.openshift.com/container-platform/4.10/release_notes/ocp-4-10-release-notes.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e759494b");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2170431");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2180528");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2207830");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2207831");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2207833");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2207835");
  # https://access.redhat.com/security/data/csaf/v2/advisories/2023/rhsa-2023_3625.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?6dda453e");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2023:3625");
  script_set_attribute(attribute:"solution", value:
"Update the RHEL OpenShift Container Platform 4.10.62 package based on the guidance in RHSA-2023:3625.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-32981");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(79, 155, 266, 352, 502);
  script_set_attribute(attribute:"vendor_severity", value:"Important");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/24");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/06/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/28");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jenkins");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'repo_relative_urls': [
      'content/dist/layered/rhel8/aarch64/rhocp/4.10/debug',
      'content/dist/layered/rhel8/aarch64/rhocp/4.10/os',
      'content/dist/layered/rhel8/aarch64/rhocp/4.10/source/SRPMS',
      'content/dist/layered/rhel8/ppc64le/rhocp/4.10/debug',
      'content/dist/layered/rhel8/ppc64le/rhocp/4.10/os',
      'content/dist/layered/rhel8/ppc64le/rhocp/4.10/source/SRPMS',
      'content/dist/layered/rhel8/s390x/rhocp/4.10/debug',
      'content/dist/layered/rhel8/s390x/rhocp/4.10/os',
      'content/dist/layered/rhel8/s390x/rhocp/4.10/source/SRPMS',
      'content/dist/layered/rhel8/x86_64/rhocp/4.10/debug',
      'content/dist/layered/rhel8/x86_64/rhocp/4.10/os',
      'content/dist/layered/rhel8/x86_64/rhocp/4.10/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'jenkins-2-plugins-4.10.1685679861-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube', 'cves':['CVE-2023-32977', 'CVE-2023-32979', 'CVE-2023-32980', 'CVE-2023-32981']},
      {'reference':'jenkins-2.401.1.1685677065-1.el8', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube', 'cves':['CVE-2022-41966', 'CVE-2023-20860']}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins / jenkins-2-plugins');
}
VendorProductVersionCPE
redhatenterprise_linux8cpe:/o:redhat:enterprise_linux:8
redhatenterprise_linuxjenkinsp-cpe:/a:redhat:enterprise_linux:jenkins
redhatenterprise_linuxjenkins-2-pluginsp-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins

Related

nessus 16
redhat 15
cve 6
cvelist 6
github 6
prion 6
osv 13
veracode 6
redhatcve 7
alpinelinux 1
nvd 6
ubuntucve 2
amazon 1
openvas 8
ibm 38
debian 2
githubexploit 2
debiancve 2
atlassian 1
f5 1
freebsd 1
spring 1
ubuntu 1
oracle 4
nessus
nessus
RHCOS 4 : OpenShift Container Platform 4.10.62 (RHSA-2023:3625)
2024-01-24 00:00:00
Debian DLA-3267-1 : libxstream-java - LTS security update
2023-01-16 00:00:00
Oracle Enterprise Manager Ops Center (Apr 2023 CPU)
2023-04-21 00:00:00
redhat
redhat
(RHSA-2023:3625) Important: OpenShift Container Platform 4.10.62 security update
2023-06-23 17:32:40
(RHSA-2023:1177) Important: Red Hat Integration Camel Extension For Quarkus 2.7-1 security update
2023-03-09 10:45:20
(RHSA-2023:3663) Important: jenkins and jenkins-2-plugins security update
2023-06-19 10:09:14
cve
cve
CVE-2023-32980
2023-05-16 16:15:10
CVE-2023-32979
2023-05-16 16:15:10
CVE-2023-32977
2023-05-16 16:15:10
cvelist
cvelist
CVE-2023-32980
2023-05-16 16:00:01
CVE-2023-32977
2023-05-16 15:59:58
CVE-2023-32979
2023-05-16 16:00:00
github
github
Jenkins Email Extension Plugin missing permission check
2023-05-16 18:30:16
Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting
2023-05-16 18:30:16
Jenkins Pipeline Utility Steps Plugin arbitrary file write vulnerability
2023-05-16 18:30:16
prion
prion
Design/Logic Flaw
2023-05-16 16:15:00
Cross site scripting
2023-05-16 16:15:00
Cross site request forgery (csrf)
2023-05-16 16:15:00
osv
osv
Jenkins Email Extension Plugin missing permission check
2023-05-16 18:30:16
Jenkins Pipeline: Job Plugin vulnerable to stored Cross-site Scripting
2023-05-16 18:30:16
CVE-2023-32979
2023-05-16 16:15:10
veracode
veracode
Improper Validation
2023-05-30 08:05:32
Cross-site Scripting (XSS)
2023-05-28 14:43:44
Cross-site Request Forgery (CSRF)
2023-05-21 09:59:34
redhatcve
redhatcve
CVE-2023-32979
2023-05-17 05:27:52
CVE-2023-32977
2023-05-17 04:58:01
CVE-2023-32981
2023-05-17 05:28:04
alpinelinux
alpinelinux
CVE-2023-32977
2023-05-16 16:15:10
nvd
nvd
CVE-2023-32979
2023-05-16 16:15:10
CVE-2023-32977
2023-05-16 16:15:10
CVE-2023-32981
2023-05-16 16:15:10
ubuntucve
ubuntucve
CVE-2023-20860
2023-03-27 00:00:00
CVE-2022-41966
2022-12-28 00:00:00
amazon
amazon
Important: xstream
2023-03-30 18:56:00
openvas
openvas
Debian: Security Advisory (DSA-5315-1)
2023-01-12 00:00:00
Debian: Security Advisory (DLA-3267-1)
2023-01-12 00:00:00
VMware Spring Framework 5.3.x < 5.3.26, 6.0.x < 6.0.7 Security Bypass Vulnerability - Windows
2023-03-21 00:00:00
ibm
ibm
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to a security bypass in VMware Tanzu Spring Framework [CVE-2023-20860]
2023-06-28 19:44:02
Security Bulletin: IBM Sterling Connect:Direct for UNIX is affected by security restriction bypass due to Spring Framework [CVE-2023-20860]
2023-05-18 17:28:21
Security Bulletin: FileNet Content Manager (FNCM) FileNet Content Search Services (CSS) ThoughtWorks XStream security vulnerabilities, affected, not vulnerable
2023-06-27 18:57:22
debian
debian
[SECURITY] [DLA 3267-1] libxstream-java security update
2023-01-11 22:54:49
[SECURITY] [DSA 5315-1] libxstream-java security update
2023-01-11 22:35:02
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Xstream Project Xstream
2023-01-06 02:37:07
Exploit for CVE-2023-20860
2023-03-24 07:23:52
debiancve
debiancve
CVE-2022-41966
2022-12-28 00:15:14
CVE-2023-20860
2023-03-27 22:15:21
atlassian
atlassian
Upgrade spring-core for CVE-2023-20860
2023-05-17 06:46:56
f5
f5
K000134500 : Spring Framework vulnerability CVE-2023-20860
2023-05-08 00:00:00
freebsd
freebsd
security/keycloak -- Multiple possible DoS attacks
2022-09-07 00:00:00
spring
spring
This Week in Spring - March 21st, 2023
2023-03-21 00:00:00
ubuntu
ubuntu
XStream vulnerabilities
2023-03-13 00:00:00
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
Oracle Critical Patch Update Advisory - April 2024
2024-04-16 00:00:00

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

7.3 High

AI Score

Confidence

High

0.01 Low

EPSS

Percentile

83.8%

JSON
Related for REDHAT-RHSA-2023-3625.NASL
nessus16redhat15cve6cvelist6github6prion6osv13veracode6redhatcve7alpinelinux1nvd6ubuntucve2amazon1openvas8ibm38debian2githubexploit2debiancve2atlassian1f51freebsd1spring1ubuntu1oracle4