Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.RHCOS-RHSA-2023-0697.NASLHistoryJan 24, 2024 - 12:00 a.m.
RHCOS 4 : OpenShift Container Platform 4.10.52 (RHSA-2023:0697)
2024-01-2400:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
rhcos 4
openshift container platform
rhsa-2023:0697
snakeyaml
constructor class
jenkins
remote code execution
cve-2022-1471
cve-2022-34174
security vulnerabilities
untrusted content
timing discrepancy
nessus scanner
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.026 Low
EPSS
Percentile
90.3%
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:0697 advisory.
-
SnakeYaml’s Constructor() class does not restrict types which can be instantiated during deserialization.
Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using SnakeYaml’s SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend upgrading to version 2.0 and beyond. (CVE-2022-1471) -
In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form allows distinguishing between login attempts with an invalid username, and login attempts with a valid username and wrong password, when using the Jenkins user database security realm. (CVE-2022-34174)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2023:0697. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(189438);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/01/24");
script_cve_id("CVE-2022-1471", "CVE-2022-34174");
script_xref(name:"RHSA", value:"2023:0697");
script_name(english:"RHCOS 4 : OpenShift Container Platform 4.10.52 (RHSA-2023:0697)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat CoreOS host is missing one or more security updates for OpenShift Container Platform 4.10.52.");
script_set_attribute(attribute:"description", value:
"The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities
as referenced in the RHSA-2023:0697 advisory.
- SnakeYaml's Constructor() class does not restrict types which can be instantiated during deserialization.
Deserializing yaml content provided by an attacker can lead to remote code execution. We recommend using
SnakeYaml's SafeConsturctor when parsing untrusted content to restrict deserialization. We recommend
upgrading to version 2.0 and beyond. (CVE-2022-1471)
- In Jenkins 2.355 and earlier, LTS 2.332.3 and earlier, an observable timing discrepancy on the login form
allows distinguishing between login attempts with an invalid username, and login attempts with a valid
username and wrong password, when using the Jenkins user database security realm. (CVE-2022-34174)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2022-1471");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2022-34174");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2023:0697");
script_set_attribute(attribute:"solution", value:
"Update the RHCOS OpenShift Container Platform 4.10.52 package based on the guidance in RHSA-2023:0697.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-34174");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-1471");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(20, 203, 208, 502, 1066);
script_set_attribute(attribute:"vendor_severity", value:"Important");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/06/22");
script_set_attribute(attribute:"patch_publication_date", value:"2023/02/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8:coreos");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jenkins");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat CoreOS');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '4.10')) audit(AUDIT_OS_NOT, 'Red Hat CoreOS 4.10', 'Red Hat CoreOS ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat CoreOS', cpu);
var pkgs = [
{'reference':'jenkins-2-plugins-4.10.1675407676-1.el8', 'release':'4', 'el_string':'el8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'},
{'reference':'jenkins-2.361.1.1675406172-1.el8', 'release':'4', 'el_string':'el8', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'openshift-hyperkube'}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'RHCOS' + package_array['release'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (reference &&
_release &&
(!exists_check || rpm_exists(release:_release, rpm:exists_check)) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins / jenkins-2-plugins');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | 8 | cpe:/o:redhat:enterprise_linux:8:coreos |
| redhat | enterprise_linux | jenkins-2-plugins | p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins |
| redhat | enterprise_linux | jenkins | p-cpe:/a:redhat:enterprise_linux:jenkins |
Related
nessus
nessus
RHEL 8 : OpenShift Container Platform 4.10.52 (RHSA-2023:0697)
2024-04-28 00:00:00
Rocky Linux 8 : prometheus-jmx-exporter (RLSA-2022:9058)
2023-01-30 00:00:00
redhat
redhat
(RHSA-2022:9058) Important: prometheus-jmx-exporter security update
2022-12-15 15:08:09
alpinelinux
alpinelinux
CVE-2022-34174
2022-06-23 17:15:15
osv
osv
BIT-jenkins-2022-34174
2024-03-06 10:57:20
CVE-2022-34174
2022-06-23 17:15:15
openvas
openvas
nvd
nvd
cvelist
cvelist
CVE-2022-34174
2022-06-22 14:40:56
CVE-2022-1471 Remote Code execution in SnakeYAML
2022-12-01 10:47:07
redhatcve
redhatcve
CVE-2022-34174
2022-08-19 05:15:12
CVE-2022-1471
2022-12-01 15:56:23
cnvd
cnvd
Jenkins user enumeration vulnerability
2022-06-27 00:00:00
cve
cve
prion
prion
Default credentials
2022-06-23 17:15:00
Deserialization of untrusted data
2022-12-01 11:15:00
Design/Logic Flaw
2023-11-20 09:15:00
github
github
SnakeYaml Constructor Deserialization Remote Code Execution
2022-12-12 21:19:47
Deserialization of Untrusted Data in apache-submarine
2023-11-20 09:30:31
oraclelinux
oraclelinux
prometheus-jmx-exporter security update
2022-12-15 00:00:00
hackerone
hackerone
ibm
ibm
atlassian
atlassian
RCE (Remote Code Execution) in - CVE-2022-1471
2023-10-08 08:44:33
f5
f5
K000132638 : SnakeYAML vulnerability CVE-2022-1471
2023-02-16 00:00:00
cgr
cgr
CVE-2022-1471 vulnerabilities
2024-04-30 09:06:13
debiancve
debiancve
CVE-2022-1471
2022-12-01 11:15:10
rocky
rocky
prometheus-jmx-exporter security update
2022-12-15 15:08:09
Satellite 6.13 Release
2023-05-05 15:39:58
redos
redos
ROS-20240514-03
2024-05-14 00:00:00
veracode
veracode
Remote Code Execution (RCE)
2022-12-02 17:22:00
almalinux
almalinux
Important: prometheus-jmx-exporter security update
2022-12-15 00:00:00
ubuntucve
ubuntucve
CVE-2022-1471
2022-12-01 00:00:00
githubexploit
githubexploit
Exploit for Deserialization of Untrusted Data in Snakeyaml Project Snakeyaml
2023-03-02 16:33:02
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2023-10-13 17:03:36
thn
thn
Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch
2023-10-03 16:24:00
Atlassian Releases Critical Software Fixes to Prevent Remote Code Execution
2023-12-06 09:18:00
metasploit
metasploit
PyTorch Model Server Registration and Deserialization RCE
2023-10-12 13:27:26
packetstorm
packetstorm
PyTorch Model Server Registration / Deserialization Remote Code Execution
2023-10-13 00:00:00
zdt
zdt
hivepro
hivepro
Atlassian Addresses Critical RCE Flaws
2023-12-07 12:45:52
freebsd
freebsd
jenkins -- multiple vulnerabilities
2022-06-22 00:00:00
qualysblog
qualysblog
Oracle Patch Update, April 2024 Security Update Review
2024-04-17 14:39:59
Oracle Patch Update, January 2024 Security Update Review
2024-01-17 15:29:33
Oracle Patch Tuesday April 2023 Security Update Review
2023-04-19 11:47:21
oracle
oracle
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - July 2023
2023-07-18 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
10 High
AI Score
Confidence
High
0.026 Low
EPSS
Percentile
90.3%
Related for RHCOS-RHSA-2023-0697.NASL