Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.SUSE_SU-2023-4124-1.NASL
HistoryOct 20, 2023 - 12:00 a.m.

SUSE SLES15 Security Update : helm (SUSE-SU-2023:4124-1)

2023-10-2000:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
suse
sles15
security update
helm
vulnerabilities
http/2
containerd
denial of service
cve-2022-41723
cve-2023-25173
dockerfile
nessus
scanner

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.024 Low

EPSS

Percentile

90.0%

JSON

The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:4124-1 advisory.

  • A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. (CVE-2022-41723)

  • containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and 1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct access to a container and manipulates their supplementary group access, they may be able to use supplementary group access to bypass primary group restrictions in some cases, potentially gaining access to sensitive information or gaining the ability to execute code in that container. Downstream applications that use the containerd client library may be affected as well. This bug has been fixed in containerd v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue.
    Users who rely on a downstream application that uses containerd’s client library should check that application for a separate advisory and instructions. As a workaround, ensure that the USER $USERNAME Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to ENTRYPOINT [su, -, user] to allow su to properly set up supplementary groups. (CVE-2023-25173)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2023:4124-1. The text itself
# is copyright (C) SUSE.
##

include('compat.inc');

if (description)
{
  script_id(183496);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/20");

  script_cve_id("CVE-2022-41723", "CVE-2023-25173");
  script_xref(name:"SuSE", value:"SUSE-SU-2023:4124-1");

  script_name(english:"SUSE SLES15 Security Update : helm (SUSE-SU-2023:4124-1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2023:4124-1 advisory.

  - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient
    to cause a denial of service from a small number of small requests. (CVE-2022-41723)

  - containerd is an open source container runtime. A bug was found in containerd prior to versions 1.6.18 and
    1.5.18 where supplementary groups are not set up properly inside a container. If an attacker has direct
    access to a container and manipulates their supplementary group access, they may be able to use
    supplementary group access to bypass primary group restrictions in some cases, potentially gaining access
    to sensitive information or gaining the ability to execute code in that container. Downstream applications
    that use the containerd client library may be affected as well. This bug has been fixed in containerd
    v1.6.18 and v.1.5.18. Users should update to these versions and recreate containers to resolve this issue.
    Users who rely on a downstream application that uses containerd's client library should check that
    application for a separate advisory and instructions. As a workaround, ensure that the `USER $USERNAME`
    Dockerfile instruction is not used. Instead, set the container entrypoint to a value similar to
    `ENTRYPOINT [su, -, user]` to allow `su` to properly set up supplementary groups. (CVE-2023-25173)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1183043");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1215588");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1215711");
  # https://lists.suse.com/pipermail/sle-security-updates/2023-October/016751.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b0790685");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2022-41723");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-25173");
  script_set_attribute(attribute:"solution", value:
"Update the affected helm, helm-bash-completion and / or helm-zsh-completion packages.");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-25173");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/10/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/10/20");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:helm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:helm-bash-completion");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:helm-zsh-completion");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "SUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)(?:_SAP)?\d+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15|SLES_SAP15)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / SLES_SAP15', 'SUSE (' + os_ver + ')');

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE (' + os_ver + ')', cpu);

var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(3|4|5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP3/4/5", os_ver + " SP" + service_pack);
if (os_ver == "SLES_SAP15" && (! preg(pattern:"^(3|4|5)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES_SAP15 SP3/4/5", os_ver + " SP" + service_pack);

var pkgs = [
    {'reference':'helm-3.13.1-150000.1.26.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'helm-bash-completion-3.13.1-150000.1.26.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'helm-zsh-completion-3.13.1-150000.1.26.1', 'sp':'3', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.3']},
    {'reference':'helm-3.13.1-150000.1.26.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'helm-bash-completion-3.13.1-150000.1.26.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'helm-zsh-completion-3.13.1-150000.1.26.1', 'sp':'4', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.4']},
    {'reference':'helm-3.13.1-150000.1.26.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'helm-bash-completion-3.13.1-150000.1.26.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'helm-zsh-completion-3.13.1-150000.1.26.1', 'sp':'5', 'release':'SLES_SAP15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLES_SAP-release-15.5']},
    {'reference':'helm-3.13.1-150000.1.26.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
    {'reference':'helm-3.13.1-150000.1.26.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
    {'reference':'helm-bash-completion-3.13.1-150000.1.26.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
    {'reference':'helm-zsh-completion-3.13.1-150000.1.26.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-ESPOS-release-3']},
    {'reference':'helm-3.13.1-150000.1.26.1', 'sp':'3', 'cpu':'aarch64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},
    {'reference':'helm-3.13.1-150000.1.26.1', 'sp':'3', 'cpu':'x86_64', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3']},
    {'reference':'helm-bash-completion-3.13.1-150000.1.26.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
    {'reference':'helm-zsh-completion-3.13.1-150000.1.26.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-LTSS-release-15.3', 'sles-ltss-release-15.3']},
    {'reference':'helm-3.13.1-150000.1.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-containers-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},
    {'reference':'helm-bash-completion-3.13.1-150000.1.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-containers-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},
    {'reference':'helm-zsh-completion-3.13.1-150000.1.26.1', 'sp':'4', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.4', 'SUSE-Manager-Proxy-release-4.3', 'SUSE-Manager-Server-release-4.3', 'sle-module-containers-release-15.4', 'sles-release-15.4', 'suse-manager-server-release-4.3']},
    {'reference':'helm-3.13.1-150000.1.26.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-containers-release-15.5', 'sles-release-15.5']},
    {'reference':'helm-bash-completion-3.13.1-150000.1.26.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-containers-release-15.5', 'sles-release-15.5']},
    {'reference':'helm-zsh-completion-3.13.1-150000.1.26.1', 'sp':'5', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['SLE_HPC-release-15.5', 'sle-module-containers-release-15.5', 'sles-release-15.5']},
    {'reference':'helm-3.13.1-150000.1.26.1', 'sp':'3', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sles-ltss-release-15.3']}
];

var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var exists_check = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && _release) {
    if (exists_check) {
      var check_flag = 0;
      foreach var check (exists_check) {
        if (!rpm_exists(release:_release, rpm:check)) continue;
        if ('ltss' >< tolower(check)) ltss_caveat_required = TRUE;
        check_flag++;
      }
      if (!check_flag) continue;
    }
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  var ltss_plugin_caveat = NULL;
  if(ltss_caveat_required) ltss_plugin_caveat = '\n' +
    'NOTE: This vulnerability check contains fixes that apply to\n' +
    'packages only available in SUSE Enterprise Linux Server LTSS\n' +
    'repositories. Access to these package security updates require\n' +
    'a paid SUSE LTSS subscription.\n';
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get() + ltss_plugin_caveat
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'helm / helm-bash-completion / helm-zsh-completion');
}
VendorProductVersionCPE
novellsuse_linuxhelmp-cpe:/a:novell:suse_linux:helm
novellsuse_linuxhelm-bash-completionp-cpe:/a:novell:suse_linux:helm-bash-completion
novellsuse_linuxhelm-zsh-completionp-cpe:/a:novell:suse_linux:helm-zsh-completion
novellsuse_linux15cpe:/o:novell:suse_linux:15

Related

openvas 40
redhat 11
cbl_mariner 8
veracode 3
redhatcve 3
nessus 56
nvd 3
cgr 2
debiancve 2
cvelist 3
wolfi 2
alpinelinux 2
prion 2
cve 3
ubuntucve 3
fedora 22
amazon 5
ibm 17
osv 5
redos 2
gitlab 1
github 1
ubuntu 1
vulnrichment 1
mageia 1
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:4124-1)
2023-10-20 00:00:00
Fedora: Security Advisory for golang-github-cli-oauth (FEDORA-2023-cb20f08a4e)
2023-04-21 00:00:00
Fedora: Security Advisory for golang-github-gabriel-vasile-mimetype (FEDORA-2023-cb20f08a4e)
2023-04-21 00:00:00
redhat
redhat
(RHSA-2023:3537) Moderate: OpenShift Container Platform 4.13.3 bug fix and security update
2023-06-13 13:08:13
(RHSA-2023:4671) Moderate: OpenShift Container Platform 4.12.30 bug fix and security update
2023-08-23 16:28:16
(RHSA-2023:7058) Moderate: rhc security, bug fix, and enhancement update
2023-11-14 08:44:18
cbl_mariner
cbl_mariner
CVE-2023-25173 affecting package moby-containerd 1.6.6+azure-7
2023-03-16 03:40:27
CVE-2023-25173 affecting package k3s 1.24.12-2
2024-07-05 21:08:40
CVE-2023-25173 affecting package moby-containerd for versions less than 1.6.18-2
2023-03-24 23:56:25
veracode
veracode
Privilege Escalation
2023-02-17 08:54:33
Denial Of Service (DoS)
2023-02-26 12:22:40
Denial Of Service (DoS)
2023-02-18 18:10:53
redhatcve
redhatcve
CVE-2023-25173
2023-03-01 20:29:40
CVE-2022-41723
2023-03-14 23:43:00
CVE-2024-4436
2024-05-06 17:25:37
nessus
nessus
Amazon Linux 2023 : containerd, containerd-stress (ALAS2023-2023-374)
2023-10-03 00:00:00
RHEL 7 : containerd (Unpatched Vulnerability)
2024-05-11 00:00:00
Fedora 37 : doctl / golang-github-digitalocean-godo (2023-3737bc1c0a)
2023-04-24 00:00:00
nvd
nvd
CVE-2023-25173
2023-02-16 15:15:20
CVE-2022-41723
2023-02-28 18:15:09
CVE-2024-4436
2024-05-08 09:15:09
cgr
cgr
CVE-2023-25173 vulnerabilities
2024-05-19 03:07:16
CVE-2022-41723 vulnerabilities
2024-05-19 03:07:16
debiancve
debiancve
CVE-2023-25173
2023-02-16 15:15:20
CVE-2022-41723
2023-02-28 18:15:09
cvelist
cvelist
CVE-2023-25173 containerd supplementary groups are not set up properly
2023-02-16 14:09:12
CVE-2022-41723 Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net
2023-02-28 17:19:45
CVE-2024-4436 Etcd: incomplete fix for cve-2022-41723 in openstack platform
2024-05-08 08:57:12
wolfi
wolfi
CVE-2023-25173 vulnerabilities
2024-07-05 21:08:40
CVE-2022-41723 vulnerabilities
2024-07-05 21:08:40
alpinelinux
alpinelinux
CVE-2023-25173
2023-02-16 15:15:20
CVE-2022-41723
2023-02-28 18:15:09
prion
prion
Design/Logic Flaw
2023-02-16 15:15:00
Code injection
2023-02-28 18:15:00
cve
cve
CVE-2023-25173
2023-02-16 15:15:20
CVE-2022-41723
2023-02-28 18:15:09
CVE-2024-4436
2024-05-08 09:15:09
ubuntucve
ubuntucve
CVE-2023-25173
2023-02-16 00:00:00
CVE-2022-41723
2023-02-28 00:00:00
CVE-2024-4436
2024-05-08 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: skopeo-1.11.2-1.fc37
2023-04-12 01:34:16
[SECURITY] Fedora 37 Update: golang-github-gabriel-vasile-mimetype-1.4.2-1.fc37
2023-04-20 02:54:37
[SECURITY] Fedora 37 Update: golang-github-cli-oauth-1.0.1-2.fc37
2023-04-20 02:54:37
amazon
amazon
Important: cni-plugins
2023-08-03 18:10:00
Important: docker
2023-10-30 23:31:00
Important: rclone
2023-07-17 17:40:00
ibm
ibm
Security Bulletin: CVE-2022-41723 may affect IBM CICS TX Advanced
2023-03-29 19:12:14
Security Bulletin: CVE-2022-41723 may affect IBM CICS TX Standard
2023-03-29 19:07:06
Security Bulletin: Vulnerability in Golang Go affect IBM Cloud Pak System [CVE-2022-41723]
2023-11-22 18:01:45
osv
osv
Denial of service via crafted HTTP/2 stream in net/http and golang.org/x/net
2023-02-16 22:31:36
CVE-2022-41723
2023-02-28 18:15:09
golang.org/x/net vulnerable to Uncontrolled Resource Consumption
2023-02-17 14:00:02
redos
redos
ROS-20231030-04
2023-10-30 00:00:00
ROS-20230322-02
2023-03-22 00:00:00
gitlab
gitlab
Uncontrolled Resource Consumption
2023-02-17 00:00:00
github
github
golang.org/x/net vulnerable to Uncontrolled Resource Consumption
2023-02-17 14:00:02
ubuntu
ubuntu
containerd vulnerabilities
2023-07-05 00:00:00
vulnrichment
vulnrichment
CVE-2024-4436 Etcd: incomplete fix for cve-2022-41723 in openstack platform
2024-05-08 08:57:12
mageia
mageia
Updated docker-containerd packages fix security vulnerability
2023-08-23 22:56:41

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

0.024 Low

EPSS

Percentile

90.0%

JSON
Related for SUSE_SU-2023-4124-1.NASL
openvas40redhat11cbl_mariner8veracode3redhatcve3nessus56nvd3cgr2debiancve2cvelist3wolfi2alpinelinux2prion2cve3ubuntucve3fedora22amazon5ibm17osv5redos2gitlab1github1ubuntu1vulnrichment1mageia1