Detections
Analytics
RHEL 9 : Red Hat Single Sign-On 7.6.2 security update on RHEL 9 (Important) (RHSA-2023:1045)
critical Nessus Plugin ID 172039
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:1045 advisory.- bootstrap: Cross-site Scripting (XSS) in the collapse data-parent attribute (CVE-2018-14040)
- bootstrap: Cross-site Scripting (XSS) in the data-container property of tooltip (CVE-2018-14042)
- jquery: Prototype pollution in object's prototype leading to denial of service, remote code execution, or property injection (CVE-2019-11358)
- jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method (CVE-2020-11022)
- jquery: Untrusted code execution via <option> tag in HTML passed to DOM manipulation methods (CVE-2020-11023)
- glob-parent: Regular Expression Denial of Service (CVE-2021-35065)
- minimist: prototype pollution (CVE-2021-44906)
- keycloak: HTML injection in execute-actions-email Admin REST API (CVE-2022-1274)
- keycloak: XSS on impersonation under specific circumstances (CVE-2022-1438)
- SnakeYaml: Constructor Deserialization Remote Code Execution (CVE-2022-1471)
- Moment.js: Path traversal in moment.locale (CVE-2022-24785)
- snakeyaml: Denial of Service due to missing nested depth limitation for collections (CVE-2022-25857)
- Undertow: DoS can be achieved as Undertow server waits for the LAST_CHUNK forever for EJB invocations (CVE-2022-2764)
- moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
- loader-utils:Regular expression denial of service (CVE-2022-37603)
- keycloak: path traversal via double URL encoding (CVE-2022-3782)
- snakeyaml: Uncaught exception in org.yaml.snakeyaml.composer.Composer.composeSequenceNode (CVE-2022-38749)
- snakeyaml: Uncaught exception in org.yaml.snakeyaml.constructor.BaseConstructor.constructObject (CVE-2022-38750)
- snakeyaml: Uncaught exception in java.base/java.util.regex.Pattern$Ques.match (CVE-2022-38751)
- keycloak: Session takeover with OIDC offline refreshtokens (CVE-2022-3916)
- jettison: parser crash by stackoverflow (CVE-2022-40149)
- jettison: memory exhaustion via user-supplied XML or JSON data (CVE-2022-40150)
- keycloak: reflected XSS attack (CVE-2022-4137)
- jackson-databind: deep wrapper array nesting wrt UNWRAP_SINGLE_VALUE_ARRAYS (CVE-2022-42003)
- jackson-databind: use of deeply nested arrays (CVE-2022-42004)
- mina-sshd: Java unsafe deserialization vulnerability (CVE-2022-45047)
- jettison: If the value in map is the map's self, the new new JSONObject(map) cause StackOverflowError which may lead to dos (CVE-2022-45693)
- json5: Prototype Pollution in JSON5 via Parse Method (CVE-2022-46175)
- Apache CXF: directory listing / code exfiltration (CVE-2022-46363)
- Apache CXF: SSRF Vulnerability (CVE-2022-46364)
- keycloak: Client Registration endpoint does not check token revocation (CVE-2023-0091)
- keycloak: user impersonation via stolen uuid code (CVE-2023-0264)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected rh-sso7-keycloak and / or rh-sso7-keycloak-server packages.See Also
https://access.redhat.com/security/cve/CVE-2018-14040
https://access.redhat.com/security/cve/CVE-2018-14042
https://access.redhat.com/security/cve/CVE-2019-11358
https://access.redhat.com/security/cve/CVE-2020-11022
https://access.redhat.com/security/cve/CVE-2020-11023
https://access.redhat.com/security/cve/CVE-2021-35065
https://access.redhat.com/security/cve/CVE-2021-44906
https://access.redhat.com/security/cve/CVE-2022-1274
https://access.redhat.com/security/cve/CVE-2022-1438
https://access.redhat.com/security/cve/CVE-2022-1471
https://access.redhat.com/security/cve/CVE-2022-2764
https://access.redhat.com/security/cve/CVE-2022-3782
https://access.redhat.com/security/cve/CVE-2022-3916
https://access.redhat.com/security/cve/CVE-2022-4137
https://access.redhat.com/security/cve/CVE-2022-24785
https://access.redhat.com/security/cve/CVE-2022-25857
https://access.redhat.com/security/cve/CVE-2022-31129
https://access.redhat.com/security/cve/CVE-2022-37603
https://access.redhat.com/security/cve/CVE-2022-38749
https://access.redhat.com/security/cve/CVE-2022-38750
https://access.redhat.com/security/cve/CVE-2022-38751
https://access.redhat.com/security/cve/CVE-2022-40149
https://access.redhat.com/security/cve/CVE-2022-40150
https://access.redhat.com/security/cve/CVE-2022-42003
https://access.redhat.com/security/cve/CVE-2022-42004
https://access.redhat.com/security/cve/CVE-2022-45047
https://access.redhat.com/security/cve/CVE-2022-45693
https://access.redhat.com/security/cve/CVE-2022-46175
https://access.redhat.com/security/cve/CVE-2022-46363
https://access.redhat.com/security/cve/CVE-2022-46364
https://access.redhat.com/security/cve/CVE-2023-0091
https://access.redhat.com/security/cve/CVE-2023-0264
https://access.redhat.com/errata/RHSA-2023:1045
https://bugzilla.redhat.com/1601614
https://bugzilla.redhat.com/1601617
https://bugzilla.redhat.com/1701972
https://bugzilla.redhat.com/1828406
https://bugzilla.redhat.com/1850004
https://bugzilla.redhat.com/2031904
https://bugzilla.redhat.com/2066009
https://bugzilla.redhat.com/2072009
https://bugzilla.redhat.com/2073157
https://bugzilla.redhat.com/2105075
https://bugzilla.redhat.com/2117506
https://bugzilla.redhat.com/2126789
https://bugzilla.redhat.com/2129706
https://bugzilla.redhat.com/2129707
https://bugzilla.redhat.com/2129709
https://bugzilla.redhat.com/2135244
https://bugzilla.redhat.com/2135247
https://bugzilla.redhat.com/2135770
https://bugzilla.redhat.com/2135771
https://bugzilla.redhat.com/2138971
https://bugzilla.redhat.com/2140597
https://bugzilla.redhat.com/2141404
https://bugzilla.redhat.com/2145194
https://bugzilla.redhat.com/2148496
https://bugzilla.redhat.com/2150009
https://bugzilla.redhat.com/2155681
https://bugzilla.redhat.com/2155682
https://bugzilla.redhat.com/2155970
https://bugzilla.redhat.com/2156263
https://bugzilla.redhat.com/2156324
Plugin Details
Severity: Critical
ID: 172039
File Name: redhat-RHSA-2023-1045.nasl
Version: 1.3
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 3/1/2023
Updated: 8/2/2023
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.2
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2021-44906
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
CVSS Score Source: CVE-2022-46364
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak, p-cpe:/a:redhat:enterprise_linux:rh-sso7-keycloak-server, cpe:/o:redhat:enterprise_linux:9
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/1/2023
Vulnerability Publication Date: 7/13/2018
Reference Information
CVE: CVE-2018-14040, CVE-2018-14042, CVE-2019-11358, CVE-2020-11022, CVE-2020-11023, CVE-2021-35065, CVE-2021-44906, CVE-2022-1274, CVE-2022-1438, CVE-2022-1471, CVE-2022-24785, CVE-2022-25857, CVE-2022-2764, CVE-2022-31129, CVE-2022-37603, CVE-2022-3782, CVE-2022-38749, CVE-2022-38750, CVE-2022-38751, CVE-2022-3916, CVE-2022-40149, CVE-2022-40150, CVE-2022-4137, CVE-2022-42003, CVE-2022-42004, CVE-2022-45047, CVE-2022-45693, CVE-2022-46175, CVE-2022-46363, CVE-2022-46364, CVE-2023-0091, CVE-2023-0264