CVSS3: 7.5 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score: 6.8 Medium (Confidence: Low)

EPSS: 0.002 Low (Percentile: 62.2%)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:2619 advisory.
MySQL is a multi-user, multi-threaded SQL database server. It consists of the MySQL server daemon, mysqld, and many client programs.
The following packages have been upgraded to a later upstream version:
rh-mysql80-mysql (8.0.36)
Security fixes:
* mysql: Client programs unspecified vulnerability (CVE-2023-21980, CVE-2023-22053)
* mysql: InnoDB unspecified vulnerability (CVE-2023-21911, CVE-2023-22008, CVE-2023-22033, CVE-2023-22066, CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)
* mysql: Server : Security : Firewall unspecified vulnerability (CVE-2024-20984)
* mysql: Server: Audit Plug-in unspecified vulnerability (CVE-2024-21061)
* mysql: Server: Components Services unspecified vulnerability (CVE-2023-21940, CVE-2023-21947, CVE-2023-21962)
* mysql: Server: DDL unspecified vulnerability (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933, CVE-2023-22058, CVE-2024-20969, CVE-2024-20981)
* mysql: Server: DML unspecified vulnerability (CVE-2023-21972, CVE-2023-22115, CVE-2024-20983, CVE-2024-21015, CVE-2024-21049, CVE-2024-21050, CVE-2024-21051, CVE-2024-21052, CVE-2024-21053, CVE-2024-21056)
* mysql: Server: JSON unspecified vulnerability (CVE-2023-21966)
* mysql: Server: Optimizer unspecified vulnerability (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945, CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982, CVE-2023-22032, CVE-2023-22046, CVE-2023-22054, CVE-2023-22056, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070, CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112, CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971, CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978, CVE-2024-20982, CVE-2024-20993, CVE-2024-21055, CVE-2024-21057)
* mysql: Server: Options unspecified vulnerability (CVE-2024-20968)
* mysql: Server: Partition unspecified vulnerability (CVE-2023-21953, CVE-2023-21955)
* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2023-22048)
* mysql: Server: RAPID unspecified vulnerability (CVE-2024-20960)
* mysql: Server: Replication unspecified vulnerability (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057, CVE-2024-20967)
* mysql: Server: Security: Encryption unspecified vulnerability (CVE-2023-22113, CVE-2024-20963)
* mysql: Server: Security: Privileges unspecified vulnerability (CVE-2023-22038, CVE-2024-20964)
* mysql: Server: UDF unspecified vulnerability (CVE-2023-22111, CVE-2024-20985)
* zstd: mysql: buffer overrun in util.c (CVE-2022-4899)
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2024:2619. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(194842);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/04");
script_cve_id(
"CVE-2022-4899",
"CVE-2023-21911",
"CVE-2023-21919",
"CVE-2023-21920",
"CVE-2023-21929",
"CVE-2023-21933",
"CVE-2023-21935",
"CVE-2023-21940",
"CVE-2023-21945",
"CVE-2023-21946",
"CVE-2023-21947",
"CVE-2023-21953",
"CVE-2023-21955",
"CVE-2023-21962",
"CVE-2023-21966",
"CVE-2023-21972",
"CVE-2023-21976",
"CVE-2023-21977",
"CVE-2023-21980",
"CVE-2023-21982",
"CVE-2023-22005",
"CVE-2023-22007",
"CVE-2023-22008",
"CVE-2023-22032",
"CVE-2023-22033",
"CVE-2023-22038",
"CVE-2023-22046",
"CVE-2023-22048",
"CVE-2023-22053",
"CVE-2023-22054",
"CVE-2023-22056",
"CVE-2023-22057",
"CVE-2023-22058",
"CVE-2023-22059",
"CVE-2023-22064",
"CVE-2023-22065",
"CVE-2023-22066",
"CVE-2023-22068",
"CVE-2023-22070",
"CVE-2023-22078",
"CVE-2023-22079",
"CVE-2023-22084",
"CVE-2023-22092",
"CVE-2023-22097",
"CVE-2023-22103",
"CVE-2023-22104",
"CVE-2023-22110",
"CVE-2023-22111",
"CVE-2023-22112",
"CVE-2023-22113",
"CVE-2023-22114",
"CVE-2023-22115",
"CVE-2024-20960",
"CVE-2024-20961",
"CVE-2024-20962",
"CVE-2024-20963",
"CVE-2024-20964",
"CVE-2024-20965",
"CVE-2024-20966",
"CVE-2024-20967",
"CVE-2024-20968",
"CVE-2024-20969",
"CVE-2024-20970",
"CVE-2024-20971",
"CVE-2024-20972",
"CVE-2024-20973",
"CVE-2024-20974",
"CVE-2024-20976",
"CVE-2024-20977",
"CVE-2024-20978",
"CVE-2024-20981",
"CVE-2024-20982",
"CVE-2024-20983",
"CVE-2024-20984",
"CVE-2024-20985",
"CVE-2024-20993",
"CVE-2024-21015",
"CVE-2024-21049",
"CVE-2024-21050",
"CVE-2024-21051",
"CVE-2024-21052",
"CVE-2024-21053",
"CVE-2024-21055",
"CVE-2024-21056",
"CVE-2024-21057",
"CVE-2024-21061"
);
script_xref(name:"RHSA", value:"2024:2619");
script_name(english:"RHEL 7 : rh-mysql80-mysql (RHSA-2024:2619)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for rh-mysql80-mysql.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2024:2619 advisory.
MySQL is a multi-user, multi-threaded SQL database server. It consists of the
MySQL server daemon, mysqld, and many client programs.
The following packages have been upgraded to a later upstream version:
rh-mysql80-mysql (8.0.36)
Security fixes:
* mysql: Client programs unspecified vulnerability (CVE-2023-21980, CVE-2023-22053)
* mysql: InnoDB unspecified vulnerability (CVE-2023-21911, CVE-2023-22008, CVE-2023-22033, CVE-2023-22066,
CVE-2023-22068, CVE-2023-22084, CVE-2023-22097, CVE-2023-22104, CVE-2023-22114)
* mysql: Server : Security : Firewall unspecified vulnerability (CVE-2024-20984)
* mysql: Server: Audit Plug-in unspecified vulnerability (CVE-2024-21061)
* mysql: Server: Components Services unspecified vulnerability (CVE-2023-21940, CVE-2023-21947,
CVE-2023-21962)
* mysql: Server: DDL unspecified vulnerability (CVE-2023-21919, CVE-2023-21929, CVE-2023-21933,
CVE-2023-22058, CVE-2024-20969, CVE-2024-20981)
* mysql: Server: DML unspecified vulnerability (CVE-2023-21972, CVE-2023-22115, CVE-2024-20983,
CVE-2024-21015, CVE-2024-21049, CVE-2024-21050, CVE-2024-21051, CVE-2024-21052, CVE-2024-21053,
CVE-2024-21056)
* mysql: Server: JSON unspecified vulnerability (CVE-2023-21966)
* mysql: Server: Optimizer unspecified vulnerability (CVE-2023-21920, CVE-2023-21935, CVE-2023-21945,
CVE-2023-21946, CVE-2023-21976, CVE-2023-21977, CVE-2023-21982, CVE-2023-22032, CVE-2023-22046,
CVE-2023-22054, CVE-2023-22056, CVE-2023-22059, CVE-2023-22064, CVE-2023-22065, CVE-2023-22070,
CVE-2023-22078, CVE-2023-22079, CVE-2023-22092, CVE-2023-22103, CVE-2023-22110, CVE-2023-22112,
CVE-2024-20961, CVE-2024-20962, CVE-2024-20965, CVE-2024-20966, CVE-2024-20970, CVE-2024-20971,
CVE-2024-20972, CVE-2024-20973, CVE-2024-20974, CVE-2024-20976, CVE-2024-20977, CVE-2024-20978,
CVE-2024-20982, CVE-2024-20993, CVE-2024-21055, CVE-2024-21057)
* mysql: Server: Options unspecified vulnerability (CVE-2024-20968)
* mysql: Server: Partition unspecified vulnerability (CVE-2023-21953, CVE-2023-21955)
* mysql: Server: Pluggable Auth unspecified vulnerability (CVE-2023-22048)
* mysql: Server: RAPID unspecified vulnerability (CVE-2024-20960)
* mysql: Server: Replication unspecified vulnerability (CVE-2023-22005, CVE-2023-22007, CVE-2023-22057,
CVE-2024-20967)
* mysql: Server: Security: Encryption unspecified vulnerability (CVE-2023-22113, CVE-2024-20963)
* mysql: Server: Security: Privileges unspecified vulnerability (CVE-2023-22038, CVE-2024-20964)
* mysql: Server: UDF unspecified vulnerability (CVE-2023-22111, CVE-2024-20985)
* zstd: mysql: buffer overrun in util.c (CVE-2022-4899)
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_2619.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?33e871df");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2024:2619");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2179864");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188109");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188113");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188115");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188116");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188117");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188118");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188119");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188120");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188121");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188122");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188123");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188124");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188125");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188127");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188128");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188129");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188130");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188131");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2188132");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224211");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224212");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224213");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224214");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224215");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224216");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224217");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224218");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224219");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224220");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224221");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2224222");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245014");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245015");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245016");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245017");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245018");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245019");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245020");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245021");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245022");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245023");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245024");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245026");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245027");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245028");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245029");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245030");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245031");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245032");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245033");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2245034");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258771");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258772");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258773");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258774");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258775");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258776");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258777");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258778");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258779");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258780");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258781");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258782");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258783");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258784");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258785");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258787");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258788");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258789");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258790");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258791");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258792");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258793");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2258794");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2275428");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2275435");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2275437");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2275438");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2275439");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2275440");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2275441");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2275444");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2275445");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2275446");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2275448");
script_set_attribute(attribute:"solution", value:
"Update the RHEL rh-mysql80-mysql package based on the guidance in RHSA-2024:2619.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-21980");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(400);
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/03/31");
script_set_attribute(attribute:"patch_publication_date", value:"2024/04/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config-syspaths");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-devel");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-errmsg");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-icu-data-files");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server-syspaths");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-syspaths");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-test");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/debug',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/os',
'content/dist/rhel-alt/server/7/7Server/power9/ppc64le/rhscl/1/source/SRPMS',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/debug',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/os',
'content/dist/rhel-alt/server/7/7Server/system-z-a/s390x/rhscl/1/source/SRPMS',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/debug',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/os',
'content/dist/rhel/power-le/7/7Server/ppc64le/rhscl/1/source/SRPMS',
'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/debug',
'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/os',
'content/dist/rhel/power/7/7Server/ppc64/rhscl/1/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/debug',
'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/os',
'content/dist/rhel/server/7/7Server/x86_64/rhscl/1/source/SRPMS',
'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/debug',
'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/os',
'content/dist/rhel/system-z/7/7Server/s390x/rhscl/1/source/SRPMS',
'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/debug',
'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/os',
'content/dist/rhel/workstation/7/7Workstation/x86_64/rhscl/1/source/SRPMS'
],
'pkgs': [
{'reference':'rh-mysql80-mysql-8.0.36-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-8.0.36-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-8.0.36-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-common-8.0.36-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-common-8.0.36-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-common-8.0.36-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-config-8.0.36-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-config-8.0.36-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-config-8.0.36-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-config-syspaths-8.0.36-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-config-syspaths-8.0.36-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-config-syspaths-8.0.36-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-devel-8.0.36-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-devel-8.0.36-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-devel-8.0.36-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-errmsg-8.0.36-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-errmsg-8.0.36-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-errmsg-8.0.36-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-icu-data-files-8.0.36-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-icu-data-files-8.0.36-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-icu-data-files-8.0.36-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-server-8.0.36-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-server-8.0.36-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-server-8.0.36-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-server-syspaths-8.0.36-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-server-syspaths-8.0.36-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-server-syspaths-8.0.36-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-syspaths-8.0.36-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-syspaths-8.0.36-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-syspaths-8.0.36-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-test-8.0.36-1.el7', 'cpu':'ppc64le', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-test-8.0.36-1.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE},
{'reference':'rh-mysql80-mysql-test-8.0.36-1.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
    port : 0,
    severity : SECURITY_HOLE,
    extra : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'rh-mysql80-mysql / rh-mysql80-mysql-common / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | rh-mysql80-mysql-errmsg | p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-errmsg |
redhat | enterprise_linux | rh-mysql80-mysql-server-syspaths | p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server-syspaths |
redhat | enterprise_linux | rh-mysql80-mysql-test | p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-test |
redhat | enterprise_linux | rh-mysql80-mysql-config-syspaths | p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config-syspaths |
redhat | enterprise_linux | rh-mysql80-mysql-syspaths | p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-syspaths |
redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
redhat | enterprise_linux | rh-mysql80-mysql-devel | p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-devel |
redhat | enterprise_linux | rh-mysql80-mysql | p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql |
redhat | enterprise_linux | rh-mysql80-mysql-server | p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-server |
redhat | enterprise_linux | rh-mysql80-mysql-config | p-cpe:/a:redhat:enterprise_linux:rh-mysql80-mysql-config |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20985
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20993
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21015
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21050
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21051
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21052
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21053
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21055
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21056
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21057
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-21061
www.nessus.org/u?33e871df
access.redhat.com/errata/RHSA-2024:2619
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=2179864
bugzilla.redhat.com/show_bug.cgi?id=2188109
bugzilla.redhat.com/show_bug.cgi?id=2188113
bugzilla.redhat.com/show_bug.cgi?id=2188115
bugzilla.redhat.com/show_bug.cgi?id=2188116
bugzilla.redhat.com/show_bug.cgi?id=2188117
bugzilla.redhat.com/show_bug.cgi?id=2188118
bugzilla.redhat.com/show_bug.cgi?id=2188119
bugzilla.redhat.com/show_bug.cgi?id=2188120
bugzilla.redhat.com/show_bug.cgi?id=2188121
bugzilla.redhat.com/show_bug.cgi?id=2188122
bugzilla.redhat.com/show_bug.cgi?id=2188123
bugzilla.redhat.com/show_bug.cgi?id=2188124
bugzilla.redhat.com/show_bug.cgi?id=2188125
bugzilla.redhat.com/show_bug.cgi?id=2188127
bugzilla.redhat.com/show_bug.cgi?id=2188128
bugzilla.redhat.com/show_bug.cgi?id=2188129
bugzilla.redhat.com/show_bug.cgi?id=2188130
bugzilla.redhat.com/show_bug.cgi?id=2188131
bugzilla.redhat.com/show_bug.cgi?id=2188132
bugzilla.redhat.com/show_bug.cgi?id=2224211
bugzilla.redhat.com/show_bug.cgi?id=2224212
bugzilla.redhat.com/show_bug.cgi?id=2224213
bugzilla.redhat.com/show_bug.cgi?id=2224214
bugzilla.redhat.com/show_bug.cgi?id=2224215
bugzilla.redhat.com/show_bug.cgi?id=2224216
bugzilla.redhat.com/show_bug.cgi?id=2224217
bugzilla.redhat.com/show_bug.cgi?id=2224218
bugzilla.redhat.com/show_bug.cgi?id=2224219
bugzilla.redhat.com/show_bug.cgi?id=2224220
bugzilla.redhat.com/show_bug.cgi?id=2224221
bugzilla.redhat.com/show_bug.cgi?id=2224222
bugzilla.redhat.com/show_bug.cgi?id=2245014
bugzilla.redhat.com/show_bug.cgi?id=2245015
bugzilla.redhat.com/show_bug.cgi?id=2245016
bugzilla.redhat.com/show_bug.cgi?id=2245017
bugzilla.redhat.com/show_bug.cgi?id=2245018
bugzilla.redhat.com/show_bug.cgi?id=2245019
bugzilla.redhat.com/show_bug.cgi?id=2245020
bugzilla.redhat.com/show_bug.cgi?id=2245021
bugzilla.redhat.com/show_bug.cgi?id=2245022
bugzilla.redhat.com/show_bug.cgi?id=2245023
bugzilla.redhat.com/show_bug.cgi?id=2245024
bugzilla.redhat.com/show_bug.cgi?id=2245026
bugzilla.redhat.com/show_bug.cgi?id=2245027
bugzilla.redhat.com/show_bug.cgi?id=2245028
bugzilla.redhat.com/show_bug.cgi?id=2245029
bugzilla.redhat.com/show_bug.cgi?id=2245030
bugzilla.redhat.com/show_bug.cgi?id=2245031
bugzilla.redhat.com/show_bug.cgi?id=2245032
bugzilla.redhat.com/show_bug.cgi?id=2245033
bugzilla.redhat.com/show_bug.cgi?id=2245034
bugzilla.redhat.com/show_bug.cgi?id=2258771
bugzilla.redhat.com/show_bug.cgi?id=2258772
bugzilla.redhat.com/show_bug.cgi?id=2258773
bugzilla.redhat.com/show_bug.cgi?id=2258774
bugzilla.redhat.com/show_bug.cgi?id=2258775
bugzilla.redhat.com/show_bug.cgi?id=2258776
bugzilla.redhat.com/show_bug.cgi?id=2258777
bugzilla.redhat.com/show_bug.cgi?id=2258778
bugzilla.redhat.com/show_bug.cgi?id=2258779
bugzilla.redhat.com/show_bug.cgi?id=2258780
bugzilla.redhat.com/show_bug.cgi?id=2258781
bugzilla.redhat.com/show_bug.cgi?id=2258782
bugzilla.redhat.com/show_bug.cgi?id=2258783
bugzilla.redhat.com/show_bug.cgi?id=2258784
bugzilla.redhat.com/show_bug.cgi?id=2258785
bugzilla.redhat.com/show_bug.cgi?id=2258787
bugzilla.redhat.com/show_bug.cgi?id=2258788
bugzilla.redhat.com/show_bug.cgi?id=2258789
bugzilla.redhat.com/show_bug.cgi?id=2258790
bugzilla.redhat.com/show_bug.cgi?id=2258791
bugzilla.redhat.com/show_bug.cgi?id=2258792
bugzilla.redhat.com/show_bug.cgi?id=2258793
bugzilla.redhat.com/show_bug.cgi?id=2258794
bugzilla.redhat.com/show_bug.cgi?id=2275428
bugzilla.redhat.com/show_bug.cgi?id=2275435
bugzilla.redhat.com/show_bug.cgi?id=2275437
bugzilla.redhat.com/show_bug.cgi?id=2275438
bugzilla.redhat.com/show_bug.cgi?id=2275439
bugzilla.redhat.com/show_bug.cgi?id=2275440
bugzilla.redhat.com/show_bug.cgi?id=2275441
bugzilla.redhat.com/show_bug.cgi?id=2275444
bugzilla.redhat.com/show_bug.cgi?id=2275445
bugzilla.redhat.com/show_bug.cgi?id=2275446
bugzilla.redhat.com/show_bug.cgi?id=2275448