7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.9 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
62.2%
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0894 advisory.
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld) and many client programs and libraries.
Security Fix(es):
* mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)
* mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933)
* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)
* mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)
* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953, CVE-2023-21955)
* mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)
* mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)
* mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)
* mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)
* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046, CVE-2023-22054, CVE-2023-22056)
* mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053)
* mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)
* mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)
* mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)
* mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)
* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)
* mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)
* mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)
* mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)
* mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)
* mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)
* zstd: mysql: buffer overrun in util.c (CVE-2022-4899)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)
* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)
* mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (RHEL-22452)
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2024:0894. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(190767);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/04");
script_cve_id(
"CVE-2022-4899",
"CVE-2023-21911",
"CVE-2023-21919",
"CVE-2023-21920",
"CVE-2023-21929",
"CVE-2023-21933",
"CVE-2023-21935",
"CVE-2023-21940",
"CVE-2023-21945",
"CVE-2023-21946",
"CVE-2023-21947",
"CVE-2023-21953",
"CVE-2023-21955",
"CVE-2023-21962",
"CVE-2023-21966",
"CVE-2023-21972",
"CVE-2023-21976",
"CVE-2023-21977",
"CVE-2023-21980",
"CVE-2023-21982",
"CVE-2023-22005",
"CVE-2023-22007",
"CVE-2023-22008",
"CVE-2023-22032",
"CVE-2023-22033",
"CVE-2023-22038",
"CVE-2023-22046",
"CVE-2023-22048",
"CVE-2023-22053",
"CVE-2023-22054",
"CVE-2023-22056",
"CVE-2023-22057",
"CVE-2023-22058",
"CVE-2023-22059",
"CVE-2023-22064",
"CVE-2023-22065",
"CVE-2023-22066",
"CVE-2023-22068",
"CVE-2023-22070",
"CVE-2023-22078",
"CVE-2023-22079",
"CVE-2023-22084",
"CVE-2023-22092",
"CVE-2023-22097",
"CVE-2023-22103",
"CVE-2023-22104",
"CVE-2023-22110",
"CVE-2023-22111",
"CVE-2023-22112",
"CVE-2023-22113",
"CVE-2023-22114",
"CVE-2023-22115",
"CVE-2024-20960",
"CVE-2024-20961",
"CVE-2024-20962",
"CVE-2024-20963",
"CVE-2024-20964",
"CVE-2024-20965",
"CVE-2024-20966",
"CVE-2024-20967",
"CVE-2024-20968",
"CVE-2024-20969",
"CVE-2024-20970",
"CVE-2024-20971",
"CVE-2024-20972",
"CVE-2024-20973",
"CVE-2024-20974",
"CVE-2024-20976",
"CVE-2024-20977",
"CVE-2024-20978",
"CVE-2024-20981",
"CVE-2024-20982",
"CVE-2024-20983",
"CVE-2024-20984",
"CVE-2024-20985",
"CVE-2024-20993",
"CVE-2024-21049",
"CVE-2024-21050",
"CVE-2024-21051",
"CVE-2024-21052",
"CVE-2024-21053",
"CVE-2024-21055",
"CVE-2024-21056",
"CVE-2024-21057",
"CVE-2024-21061"
);
script_xref(name:"IAVA", value:"2023-A-0212-S");
script_xref(name:"IAVA", value:"2023-A-0368-S");
script_xref(name:"IAVA", value:"2023-A-0562");
script_xref(name:"RHSA", value:"2024:0894");
script_xref(name:"IAVA", value:"2024-A-0034-S");
script_name(english:"RHEL 8 : mysql:8.0 (RHSA-2024:0894)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for mysql:8.0.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2024:0894 advisory.
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon (mysqld)
and many client programs and libraries.
Security Fix(es):
* mysql: InnoDB unspecified vulnerability (CPU Apr 2023) (CVE-2023-21911)
* mysql: Server: DDL unspecified vulnerability (CPU Apr 2023) (CVE-2023-21919, CVE-2023-21929,
CVE-2023-21933)
* mysql: Server: Optimizer unspecified vulnerability (CPU Apr 2023) (CVE-2023-21920, CVE-2023-21935,
CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982)
* mysql: Server: Components Services unspecified vulnerability (CPU Apr 2023) (CVE-2023-21940,
CVE-2023-21947, CVE-2023-21962)
* mysql: Server: Partition unspecified vulnerability (CPU Apr 2023) (CVE-2023-21953, CVE-2023-21955)
* mysql: Server: JSON unspecified vulnerability (CPU Apr 2023) (CVE-2023-21966)
* mysql: Server: DML unspecified vulnerability (CPU Apr 2023) (CVE-2023-21972)
* mysql: Client programs unspecified vulnerability (CPU Apr 2023) (CVE-2023-21980)
* mysql: Server: Replication unspecified vulnerability (CPU Jul 2023) (CVE-2023-22005, CVE-2023-22007,
CVE-2023-22057)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22008)
* mysql: Server: Optimizer unspecified vulnerability (CPU Oct 2023) (CVE-2023-22032, CVE-2023-22059,
CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092,
CVE-2023-22103, CVE-2023-22110, CVE-2023-22112)
* mysql: InnoDB unspecified vulnerability (CPU Jul 2023) (CVE-2023-22033)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jul 2023) (CVE-2023-22046, CVE-2023-22054,
CVE-2023-22056)
* mysql: Client programs unspecified vulnerability (CPU Jul 2023) (CVE-2023-22053)
* mysql: Server: DDL unspecified vulnerability (CPU Jul 2023) (CVE-2023-22058)
* mysql: InnoDB unspecified vulnerability (CPU Oct 2023) (CVE-2023-22066, CVE-2023-22068, CVE-2023-22084,
CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)
* mysql: Server: UDF unspecified vulnerability (CPU Oct 2023) (CVE-2023-22111)
* mysql: Server: DML unspecified vulnerability (CPU Oct 2023) (CVE-2023-22115)
* mysql: Server: RAPID unspecified vulnerability (CPU Jan 2024) (CVE-2024-20960)
* mysql: Server: Security: Encryption unspecified vulnerability (CPU Jan 2024) (CVE-2024-20963)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jan 2024) (CVE-2024-20964)
* mysql: Server: Replication unspecified vulnerability (CPU Jan 2024) (CVE-2024-20967)
* mysql: Server: Options unspecified vulnerability (CPU Jan 2024) (CVE-2024-20968)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20969)
* mysql: Server: Optimizer unspecified vulnerability (CPU Jan 2024) (CVE-2024-20961, CVE-2024-20962,
CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973,
CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982)
* mysql: Server: DDL unspecified vulnerability (CPU Jan 2024) (CVE-2024-20981)
* mysql: Server: DML unspecified vulnerability (CPU Jan 2024) (CVE-2024-20983)
* mysql: Server : Security : Firewall unspecified vulnerability (CPU Jan 2024) (CVE-2024-20984)
* mysql: Server: UDF unspecified vulnerability (CPU Jan 2024) (CVE-2024-20985)
* zstd: mysql: buffer overrun in util.c (CVE-2022-4899)
* mysql: Server: Security: Privileges unspecified vulnerability (CPU Jul 2023) (CVE-2023-22038)
* mysql: Server: Pluggable Auth unspecified vulnerability (CPU Jul 2023) (CVE-2023-22048)
* mysql: Server: Security: Encryption unspecified vulnerability (CPU Oct 2023) (CVE-2023-22113)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and
other related information, refer to the CVE page(s) listed in the References section.
Bug Fix(es):
* Fix for MySQL bug #33630199 in 8.0.32 introduces regression when --set-gtid-purged=OFF (RHEL-22452)
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0894.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3a44740a");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2024:0894");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2179864");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188109");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188113");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188115");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188116");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188117");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188118");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188119");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188120");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188121");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188122");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188123");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188124");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188125");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188127");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188128");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188129");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188130");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188131");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188132");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224211");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224212");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224213");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224214");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224215");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224216");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224217");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224218");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224219");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224220");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224221");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224222");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245014");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245015");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245016");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245017");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245018");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245019");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245020");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245021");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245022");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245023");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245024");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245026");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245027");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245028");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245029");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245030");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245031");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245032");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245033");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245034");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258771");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258772");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258773");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258774");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258775");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258776");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258777");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258778");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258779");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258780");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258781");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258782");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258783");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258784");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258785");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258787");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258788");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258789");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258790");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258791");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258792");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258793");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258794");
script_set_attribute(attribute:"solution", value:
"Update the RHEL mysql:8.0 package based on the guidance in RHSA-2024:0894.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-21980");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(400);
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/03/31");
script_set_attribute(attribute:"patch_publication_date", value:"2024/02/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/20");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mecab");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mecab-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-EUCJP");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-errmsg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-libs");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:mysql-test");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var appstreams = {
'mysql:8.0': [
{
'repo_relative_urls': [
'content/dist/rhel8/8.10/aarch64/appstream/debug',
'content/dist/rhel8/8.10/aarch64/appstream/os',
'content/dist/rhel8/8.10/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.10/ppc64le/appstream/debug',
'content/dist/rhel8/8.10/ppc64le/appstream/os',
'content/dist/rhel8/8.10/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.10/s390x/appstream/debug',
'content/dist/rhel8/8.10/s390x/appstream/os',
'content/dist/rhel8/8.10/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.10/x86_64/appstream/debug',
'content/dist/rhel8/8.10/x86_64/appstream/os',
'content/dist/rhel8/8.10/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8.6/aarch64/appstream/debug',
'content/dist/rhel8/8.6/aarch64/appstream/os',
'content/dist/rhel8/8.6/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.6/ppc64le/appstream/debug',
'content/dist/rhel8/8.6/ppc64le/appstream/os',
'content/dist/rhel8/8.6/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.6/s390x/appstream/debug',
'content/dist/rhel8/8.6/s390x/appstream/os',
'content/dist/rhel8/8.6/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.6/x86_64/appstream/debug',
'content/dist/rhel8/8.6/x86_64/appstream/os',
'content/dist/rhel8/8.6/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8.8/aarch64/appstream/debug',
'content/dist/rhel8/8.8/aarch64/appstream/os',
'content/dist/rhel8/8.8/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.8/ppc64le/appstream/debug',
'content/dist/rhel8/8.8/ppc64le/appstream/os',
'content/dist/rhel8/8.8/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.8/s390x/appstream/debug',
'content/dist/rhel8/8.8/s390x/appstream/os',
'content/dist/rhel8/8.8/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.8/x86_64/appstream/debug',
'content/dist/rhel8/8.8/x86_64/appstream/os',
'content/dist/rhel8/8.8/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8.9/aarch64/appstream/debug',
'content/dist/rhel8/8.9/aarch64/appstream/os',
'content/dist/rhel8/8.9/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8.9/ppc64le/appstream/debug',
'content/dist/rhel8/8.9/ppc64le/appstream/os',
'content/dist/rhel8/8.9/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8.9/s390x/appstream/debug',
'content/dist/rhel8/8.9/s390x/appstream/os',
'content/dist/rhel8/8.9/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8.9/x86_64/appstream/debug',
'content/dist/rhel8/8.9/x86_64/appstream/os',
'content/dist/rhel8/8.9/x86_64/appstream/source/SRPMS',
'content/dist/rhel8/8/aarch64/appstream/debug',
'content/dist/rhel8/8/aarch64/appstream/os',
'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',
'content/dist/rhel8/8/ppc64le/appstream/debug',
'content/dist/rhel8/8/ppc64le/appstream/os',
'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',
'content/dist/rhel8/8/s390x/appstream/debug',
'content/dist/rhel8/8/s390x/appstream/os',
'content/dist/rhel8/8/s390x/appstream/source/SRPMS',
'content/dist/rhel8/8/x86_64/appstream/debug',
'content/dist/rhel8/8/x86_64/appstream/os',
'content/dist/rhel8/8/x86_64/appstream/source/SRPMS'
],
'pkgs': [
{'reference':'mecab-0.996-2.module+el8.9.0+21207+6c20cb3d', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-devel-0.996-2.module+el8.9.0+21207+6c20cb3d', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-ipadic-2.7.0.20070801-16.module+el8.9.0+21207+6c20cb3d', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mecab-ipadic-EUCJP-2.7.0.20070801-16.module+el8.9.0+21207+6c20cb3d', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-8.0.36-1.module+el8.9.0+21207+6c20cb3d', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-common-8.0.36-1.module+el8.9.0+21207+6c20cb3d', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-devel-8.0.36-1.module+el8.9.0+21207+6c20cb3d', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-errmsg-8.0.36-1.module+el8.9.0+21207+6c20cb3d', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-libs-8.0.36-1.module+el8.9.0+21207+6c20cb3d', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-server-8.0.36-1.module+el8.9.0+21207+6c20cb3d', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'mysql-test-8.0.36-1.module+el8.9.0+21207+6c20cb3d', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
}
]
};
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var module_ver = get_kb_item('Host/RedHat/appstream/mysql');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');
if ('8.0' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module mysql:' + module_ver);
var flag = 0;
var appstreams_found = 0;
foreach var module (keys(appstreams)) {
var appstream = NULL;
var appstream_name = NULL;
var appstream_version = NULL;
var appstream_split = split(module, sep:':', keep:FALSE);
if (!empty_or_null(appstream_split)) {
appstream_name = appstream_split[0];
appstream_version = appstream_split[1];
if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);
}
if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
appstreams_found++;
foreach var module_array ( appstreams[module] ) {
var repo_relative_urls = NULL;
if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];
foreach var package_array ( module_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
}
}
if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module mysql:8.0');
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'mecab / mecab-devel / mecab-ipadic / mecab-ipadic-EUCJP / mysql / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | mysql-devel | p-cpe:/a:redhat:enterprise_linux:mysql-devel |
redhat | enterprise_linux | mysql | p-cpe:/a:redhat:enterprise_linux:mysql |
redhat | enterprise_linux | mysql-server | p-cpe:/a:redhat:enterprise_linux:mysql-server |
redhat | enterprise_linux | mysql-errmsg | p-cpe:/a:redhat:enterprise_linux:mysql-errmsg |
redhat | enterprise_linux | mecab | p-cpe:/a:redhat:enterprise_linux:mecab |
redhat | enterprise_linux | mecab-ipadic | p-cpe:/a:redhat:enterprise_linux:mecab-ipadic |
redhat | enterprise_linux | mysql-common | p-cpe:/a:redhat:enterprise_linux:mysql-common |
redhat | enterprise_linux | mysql-test | p-cpe:/a:redhat:enterprise_linux:mysql-test |
redhat | enterprise_linux | mecab-devel | p-cpe:/a:redhat:enterprise_linux:mecab-devel |
redhat | enterprise_linux | mecab-ipadic-eucjp | p-cpe:/a:redhat:enterprise_linux:mecab-ipadic-eucjp |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4899
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21911
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21919
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21920
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21929
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21933
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21935
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21940
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21945
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21946
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21947
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21953
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21955
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21962
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21972
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21976
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21977
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21980
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-21982
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22005
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22007
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22008
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22032
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22033
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22038
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22046
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22048
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22054
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22056
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22057
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22058
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22059
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22064
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22065
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22066
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22068
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22070
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22078
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22079
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22084
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22092
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22097
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22103
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22104
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22110
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22111
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22112
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22113
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22114
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-22115
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20960
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20961
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20962
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20963
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20964
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20965
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20966
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20967
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20968
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20969
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20970
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20971
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20972
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20973
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20974
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20976
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20977
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20978
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20981
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20982
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20983
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20984
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20985
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20993
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21050
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21051
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21052
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21056
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21057
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21061
www.nessus.org/u?3a44740a
access.redhat.com/errata/RHSA-2024:0894
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=2179864
bugzilla.redhat.com/show_bug.cgi?id=2188109
bugzilla.redhat.com/show_bug.cgi?id=2188113
bugzilla.redhat.com/show_bug.cgi?id=2188115
bugzilla.redhat.com/show_bug.cgi?id=2188116
bugzilla.redhat.com/show_bug.cgi?id=2188117
bugzilla.redhat.com/show_bug.cgi?id=2188118
bugzilla.redhat.com/show_bug.cgi?id=2188119
bugzilla.redhat.com/show_bug.cgi?id=2188120
bugzilla.redhat.com/show_bug.cgi?id=2188121
bugzilla.redhat.com/show_bug.cgi?id=2188122
bugzilla.redhat.com/show_bug.cgi?id=2188123
bugzilla.redhat.com/show_bug.cgi?id=2188124
bugzilla.redhat.com/show_bug.cgi?id=2188125
bugzilla.redhat.com/show_bug.cgi?id=2188127
bugzilla.redhat.com/show_bug.cgi?id=2188128
bugzilla.redhat.com/show_bug.cgi?id=2188129
bugzilla.redhat.com/show_bug.cgi?id=2188130
bugzilla.redhat.com/show_bug.cgi?id=2188131
bugzilla.redhat.com/show_bug.cgi?id=2188132
bugzilla.redhat.com/show_bug.cgi?id=2224211
bugzilla.redhat.com/show_bug.cgi?id=2224212
bugzilla.redhat.com/show_bug.cgi?id=2224213
bugzilla.redhat.com/show_bug.cgi?id=2224214
bugzilla.redhat.com/show_bug.cgi?id=2224215
bugzilla.redhat.com/show_bug.cgi?id=2224216
bugzilla.redhat.com/show_bug.cgi?id=2224217
bugzilla.redhat.com/show_bug.cgi?id=2224218
bugzilla.redhat.com/show_bug.cgi?id=2224219
bugzilla.redhat.com/show_bug.cgi?id=2224220
bugzilla.redhat.com/show_bug.cgi?id=2224221
bugzilla.redhat.com/show_bug.cgi?id=2224222
bugzilla.redhat.com/show_bug.cgi?id=2245014
bugzilla.redhat.com/show_bug.cgi?id=2245015
bugzilla.redhat.com/show_bug.cgi?id=2245016
bugzilla.redhat.com/show_bug.cgi?id=2245017
bugzilla.redhat.com/show_bug.cgi?id=2245018
bugzilla.redhat.com/show_bug.cgi?id=2245019
bugzilla.redhat.com/show_bug.cgi?id=2245020
bugzilla.redhat.com/show_bug.cgi?id=2245021
bugzilla.redhat.com/show_bug.cgi?id=2245022
bugzilla.redhat.com/show_bug.cgi?id=2245023
bugzilla.redhat.com/show_bug.cgi?id=2245024
bugzilla.redhat.com/show_bug.cgi?id=2245026
bugzilla.redhat.com/show_bug.cgi?id=2245027
bugzilla.redhat.com/show_bug.cgi?id=2245028
bugzilla.redhat.com/show_bug.cgi?id=2245029
bugzilla.redhat.com/show_bug.cgi?id=2245030
bugzilla.redhat.com/show_bug.cgi?id=2245031
bugzilla.redhat.com/show_bug.cgi?id=2245032
bugzilla.redhat.com/show_bug.cgi?id=2245033
bugzilla.redhat.com/show_bug.cgi?id=2245034
bugzilla.redhat.com/show_bug.cgi?id=2258771
bugzilla.redhat.com/show_bug.cgi?id=2258772
bugzilla.redhat.com/show_bug.cgi?id=2258773
bugzilla.redhat.com/show_bug.cgi?id=2258774
bugzilla.redhat.com/show_bug.cgi?id=2258775
bugzilla.redhat.com/show_bug.cgi?id=2258776
bugzilla.redhat.com/show_bug.cgi?id=2258777
bugzilla.redhat.com/show_bug.cgi?id=2258778
bugzilla.redhat.com/show_bug.cgi?id=2258779
bugzilla.redhat.com/show_bug.cgi?id=2258780
bugzilla.redhat.com/show_bug.cgi?id=2258781
bugzilla.redhat.com/show_bug.cgi?id=2258782
bugzilla.redhat.com/show_bug.cgi?id=2258783
bugzilla.redhat.com/show_bug.cgi?id=2258784
bugzilla.redhat.com/show_bug.cgi?id=2258785
bugzilla.redhat.com/show_bug.cgi?id=2258787
bugzilla.redhat.com/show_bug.cgi?id=2258788
bugzilla.redhat.com/show_bug.cgi?id=2258789
bugzilla.redhat.com/show_bug.cgi?id=2258790
bugzilla.redhat.com/show_bug.cgi?id=2258791
bugzilla.redhat.com/show_bug.cgi?id=2258792
bugzilla.redhat.com/show_bug.cgi?id=2258793
bugzilla.redhat.com/show_bug.cgi?id=2258794
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
6.9 Medium
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
62.2%