Detections
Analytics
RHEL 9 : Red Hat Ceph Storage 6.1 (RHSA-2023:5693)
medium Nessus Plugin ID 182992
Language:
Synopsis
The remote Red Hat host is missing one or more security updates.Description
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:5693 advisory.- bootstrap: Cross-site Scripting (XSS) in the data-target property of scrollspy (CVE-2018-14041)
- bootstrap: XSS in the tooltip data-viewport attribute (CVE-2018-20676)
- bootstrap: XSS in the affix configuration target property (CVE-2018-20677)
- rgw: improperly verified POST keys (CVE-2023-43040)
- ceph: RGW crash upon misconfigured CORS rule (CVE-2023-46159)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the affected packages.See Also
http://www.nessus.org/u?15054117
http://www.nessus.org/u?82ce1f61
https://access.redhat.com/errata/RHSA-2023:5693
https://access.redhat.com/security/updates/classification/#moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1601616
https://bugzilla.redhat.com/show_bug.cgi?id=1668082
https://bugzilla.redhat.com/show_bug.cgi?id=1668089
https://bugzilla.redhat.com/show_bug.cgi?id=1960643
https://bugzilla.redhat.com/show_bug.cgi?id=2088172
https://bugzilla.redhat.com/show_bug.cgi?id=2114615
https://bugzilla.redhat.com/show_bug.cgi?id=2138216
https://bugzilla.redhat.com/show_bug.cgi?id=2141003
https://bugzilla.redhat.com/show_bug.cgi?id=2161569
https://bugzilla.redhat.com/show_bug.cgi?id=2166413
https://bugzilla.redhat.com/show_bug.cgi?id=2166688
https://bugzilla.redhat.com/show_bug.cgi?id=2170836
https://bugzilla.redhat.com/show_bug.cgi?id=2172838
https://bugzilla.redhat.com/show_bug.cgi?id=2183926
https://bugzilla.redhat.com/show_bug.cgi?id=2188557
https://bugzilla.redhat.com/show_bug.cgi?id=2203397
https://bugzilla.redhat.com/show_bug.cgi?id=2210944
https://bugzilla.redhat.com/show_bug.cgi?id=2211290
https://bugzilla.redhat.com/show_bug.cgi?id=2211477
https://bugzilla.redhat.com/show_bug.cgi?id=2212787
https://bugzilla.redhat.com/show_bug.cgi?id=2214278
https://bugzilla.redhat.com/show_bug.cgi?id=2215392
https://bugzilla.redhat.com/show_bug.cgi?id=2216230
https://bugzilla.redhat.com/show_bug.cgi?id=2216855
https://bugzilla.redhat.com/show_bug.cgi?id=2216920
https://bugzilla.redhat.com/show_bug.cgi?id=2217817
https://bugzilla.redhat.com/show_bug.cgi?id=2219465
https://bugzilla.redhat.com/show_bug.cgi?id=2220922
https://bugzilla.redhat.com/show_bug.cgi?id=2222720
https://bugzilla.redhat.com/show_bug.cgi?id=2222726
https://bugzilla.redhat.com/show_bug.cgi?id=2223990
https://bugzilla.redhat.com/show_bug.cgi?id=2224230
https://bugzilla.redhat.com/show_bug.cgi?id=2224233
https://bugzilla.redhat.com/show_bug.cgi?id=2224239
https://bugzilla.redhat.com/show_bug.cgi?id=2224243
https://bugzilla.redhat.com/show_bug.cgi?id=2224407
https://bugzilla.redhat.com/show_bug.cgi?id=2227045
https://bugzilla.redhat.com/show_bug.cgi?id=2227842
https://bugzilla.redhat.com/show_bug.cgi?id=2228004
https://bugzilla.redhat.com/show_bug.cgi?id=2228242
https://bugzilla.redhat.com/show_bug.cgi?id=2228357
https://bugzilla.redhat.com/show_bug.cgi?id=2228875
https://bugzilla.redhat.com/show_bug.cgi?id=2229179
https://bugzilla.redhat.com/show_bug.cgi?id=2229267
https://bugzilla.redhat.com/show_bug.cgi?id=2231068
https://bugzilla.redhat.com/show_bug.cgi?id=2232087
https://bugzilla.redhat.com/show_bug.cgi?id=2232640
https://bugzilla.redhat.com/show_bug.cgi?id=2233131
https://bugzilla.redhat.com/show_bug.cgi?id=2233762
https://bugzilla.redhat.com/show_bug.cgi?id=2236188
https://bugzilla.redhat.com/show_bug.cgi?id=2236385
https://bugzilla.redhat.com/show_bug.cgi?id=2237376
https://bugzilla.redhat.com/show_bug.cgi?id=2238174
Plugin Details
Severity: Medium
ID: 182992
File Name: redhat-RHSA-2023-5693.nasl
Version: 1.1
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 10/12/2023
Updated: 4/28/2024
Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.0
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.4
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Score Source: CVE-2018-20677
CVSS v3
Risk Factor: Medium
Base Score: 6.1
Temporal Score: 5.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:ceph-mib, p-cpe:/a:redhat:enterprise_linux:python3-ceph-argparse, p-cpe:/a:redhat:enterprise_linux:cephadm-ansible, p-cpe:/a:redhat:enterprise_linux:librgw2, p-cpe:/a:redhat:enterprise_linux:libradospp-devel, p-cpe:/a:redhat:enterprise_linux:python3-ceph-common, p-cpe:/a:redhat:enterprise_linux:libradosstriper1, p-cpe:/a:redhat:enterprise_linux:librgw-devel, p-cpe:/a:redhat:enterprise_linux:cephadm, p-cpe:/a:redhat:enterprise_linux:librados-devel, p-cpe:/a:redhat:enterprise_linux:librbd-devel, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:redhat:enterprise_linux:python3-cephfs, p-cpe:/a:redhat:enterprise_linux:ceph-common, p-cpe:/a:redhat:enterprise_linux:ceph-resource-agents, p-cpe:/a:redhat:enterprise_linux:cephfs-top, p-cpe:/a:redhat:enterprise_linux:librados2, p-cpe:/a:redhat:enterprise_linux:libcephfs2, p-cpe:/a:redhat:enterprise_linux:ceph, p-cpe:/a:redhat:enterprise_linux:python3-rados, p-cpe:/a:redhat:enterprise_linux:rbd-nbd, p-cpe:/a:redhat:enterprise_linux:librbd1, p-cpe:/a:redhat:enterprise_linux:ceph-base, p-cpe:/a:redhat:enterprise_linux:ceph-fuse, p-cpe:/a:redhat:enterprise_linux:ceph-immutable-object-cache, p-cpe:/a:redhat:enterprise_linux:python3-rbd, p-cpe:/a:redhat:enterprise_linux:ceph-selinux, p-cpe:/a:redhat:enterprise_linux:python3-rgw, p-cpe:/a:redhat:enterprise_linux:libcephfs-devel
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 10/12/2023
Vulnerability Publication Date: 7/12/2018
Reference Information
CVE: CVE-2018-14041, CVE-2018-20676, CVE-2018-20677, CVE-2023-43040, CVE-2023-46159