Amazon Linux 2 : ipa-client (ALAS-2020-1519)

medium Nessus Plugin ID 141974
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Amazon Linux 2 host is missing a security update.

Description

The version of tested product installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2020-1519 advisory.

- jQuery before 3.0.0 is vulnerable to Cross-site Scripting (XSS) attacks when a cross-domain Ajax request is performed without the dataType option, causing text/javascript responses to be executed.
(CVE-2015-9251)

- In Bootstrap 3.x before 3.4.0 and 4.x-beta before 4.0.0-beta.2, XSS is possible in the data-target attribute, a different vulnerability than CVE-2018-14041. (CVE-2016-10735)

- In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute. (CVE-2018-14040)

- In Bootstrap before 4.1.2, XSS is possible in the data-target property of scrollspy. (CVE-2018-14041)

- In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. (CVE-2018-14042)

- In Bootstrap before 3.4.0, XSS is possible in the tooltip data-viewport attribute. (CVE-2018-20676)

- In Bootstrap before 3.4.0, XSS is possible in the affix configuration target property. (CVE-2018-20677)

- jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable
__proto__ property, it could extend the native Object.prototype. (CVE-2019-11358)

- In Bootstrap before 3.4.1 and 4.3.x before 4.3.1, XSS is possible in the tooltip or popover data-template attribute. (CVE-2019-8331)

- In jQuery versions greater than or equal to 1.2 and before 3.5.0, passing HTML from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0. (CVE-2020-11022)

- A flaw was found in all ipa versions 4.x.x through 4.8.0. When sending a very long password (>= 1,000,000 characters) to the server, the password hashing process could exhaust memory and CPU leading to a denial of service and the website becoming unresponsive. The highest threat from this vulnerability is to system availability. (CVE-2020-1722)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Run 'yum update ipa' to update your system.

See Also

https://alas.aws.amazon.com/AL2/ALAS-2020-1519.html

https://access.redhat.com/security/cve/CVE-2015-9251

https://access.redhat.com/security/cve/CVE-2016-10735

https://access.redhat.com/security/cve/CVE-2018-14040

https://access.redhat.com/security/cve/CVE-2018-14042

https://access.redhat.com/security/cve/CVE-2018-20676

https://access.redhat.com/security/cve/CVE-2018-20677

https://access.redhat.com/security/cve/CVE-2019-11358

https://access.redhat.com/security/cve/CVE-2019-8331

https://access.redhat.com/security/cve/CVE-2020-11022

https://access.redhat.com/security/cve/CVE-2020-1722

Plugin Details

Severity: Medium

ID: 141974

File Name: al2_ALAS-2020-1519.nasl

Version: 1.3

Type: local

Agent: unix

Published: 10/28/2020

Updated: 4/15/2021

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2020-11022

VPR

Risk Factor: Medium

Score: 5.7

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Temporal Vector: E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:amazon:linux:ipa-client, p-cpe:/a:amazon:linux:ipa-client-common, p-cpe:/a:amazon:linux:ipa-common, p-cpe:/a:amazon:linux:ipa-debuginfo, p-cpe:/a:amazon:linux:ipa-python-compat, p-cpe:/a:amazon:linux:ipa-server, p-cpe:/a:amazon:linux:ipa-server-common, p-cpe:/a:amazon:linux:ipa-server-dns, p-cpe:/a:amazon:linux:ipa-server-trust-ad, p-cpe:/a:amazon:linux:python2-ipaclient, p-cpe:/a:amazon:linux:python2-ipalib, p-cpe:/a:amazon:linux:python2-ipaserver, cpe:/o:amazon:linux:2

Required KB Items: Host/local_checks_enabled, Host/AmazonLinux/release, Host/AmazonLinux/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 10/22/2020

Vulnerability Publication Date: 1/18/2018

Reference Information

CVE: CVE-2015-9251, CVE-2016-10735, CVE-2018-14040, CVE-2018-14041, CVE-2018-14042, CVE-2018-20676, CVE-2018-20677, CVE-2019-8331, CVE-2019-11358, CVE-2020-1722, CVE-2020-11022

BID: 105658, 107375, 108023, 108961

ALAS: 2020-1519