RHEL 8 : Satellite 6.14 (RHSA-2023:6818)

critical Nessus Plugin ID 194436

Synopsis

The remote Red Hat host is missing one or more security updates for Satellite 6.14.

Description

The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6818 advisory.

- kubeclient: kubeconfig parsing error can lead to MITM attacks (CVE-2022-0759)

- openssl: c_rehash script allows command injection (CVE-2022-1292)

- openssl: the c_rehash script allows command injection (CVE-2022-2068)

- Pulp: Tokens stored in plaintext (CVE-2022-3644)

- foreman: OS command injection via ct_command and fcct_command (CVE-2022-3874)

- satellite: Blind SSRF via Referer header (CVE-2022-4130)

- python-future: remote attackers can cause denial of service via crafted Set-Cookie header from malicious web server (CVE-2022-40899)

- golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

- rubygem-activerecord: Denial of Service (CVE-2022-44566)

- rubygem-rack: denial of service in Content-Disposition parsing (CVE-2022-44570, CVE-2022-44571, CVE-2022-44572)

- ruby-git: code injection vulnerability (CVE-2022-46648, CVE-2022-47318)

- Foreman: Arbitrary code execution through templates (CVE-2023-0118)

- Foreman: Stored cross-site scripting in host tab (CVE-2023-0119)

- puppet: Puppet Server ReDoS (CVE-2023-1894)

- rubygem-actionpack: Denial of Service in Action Dispatch (CVE-2023-22792, CVE-2023-22795)

- rubygem-activerecord: SQL Injection (CVE-2023-22794)

- rubygem-activesupport: Regular Expression Denial of Service (CVE-2023-22796)

- rubygem-globalid: ReDoS vulnerability (CVE-2023-22799)

- rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530)

- rubygem-rack: denial of service in header parsing (CVE-2023-27539)

- golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)

- sqlparse: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (CVE-2023-30608)

- python-django: Potential bypass of validation when uploading multiple files using one form field (CVE-2023-31047)

- python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)

- python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator (CVE-2023-36053)

- golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)

- GitPython: Insecure non-multi options in clone and clone_from is not blocked (CVE-2023-40267)

- HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL Satellite 6.14 package based on the guidance in RHSA-2023:6818.

See Also

https://access.redhat.com/security/updates/classification/#important

https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

http://www.nessus.org/u?9940af68

https://access.redhat.com/errata/RHSA-2023:6818

Plugin Details

Severity: Critical

ID: 194436

File Name: redhat-RHSA-2023-6818.nasl

Version: 1.1

Type: local

Agent: unix

Published: 4/29/2024

Updated: 4/29/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-2068

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2023-40267

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:yggdrasil-worker-forwarder, p-cpe:/a:redhat:enterprise_linux:foreman-service, p-cpe:/a:redhat:enterprise_linux:python-gitpython, p-cpe:/a:redhat:enterprise_linux:foreman-vmware, p-cpe:/a:redhat:enterprise_linux:foreman, p-cpe:/a:redhat:enterprise_linux:foreman-telemetry, p-cpe:/a:redhat:enterprise_linux:python-future, p-cpe:/a:redhat:enterprise_linux:python39-django, p-cpe:/a:redhat:enterprise_linux:foreman-postgresql, p-cpe:/a:redhat:enterprise_linux:foreman-dynflow-sidekiq, p-cpe:/a:redhat:enterprise_linux:python39-future, p-cpe:/a:redhat:enterprise_linux:rubygem-git, p-cpe:/a:redhat:enterprise_linux:foreman-ec2, p-cpe:/a:redhat:enterprise_linux:rubygem-activesupport, p-cpe:/a:redhat:enterprise_linux:rubygem-activerecord, p-cpe:/a:redhat:enterprise_linux:foreman-openstack, p-cpe:/a:redhat:enterprise_linux:foreman-cli, p-cpe:/a:redhat:enterprise_linux:puppet-agent, p-cpe:/a:redhat:enterprise_linux:python-requests, p-cpe:/a:redhat:enterprise_linux:python39-gitpython, p-cpe:/a:redhat:enterprise_linux:rubygem-actionpack, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:python-sqlparse, p-cpe:/a:redhat:enterprise_linux:rubygem-kubeclient, p-cpe:/a:redhat:enterprise_linux:python-pulp-ansible, p-cpe:/a:redhat:enterprise_linux:python39-pulp-ansible, p-cpe:/a:redhat:enterprise_linux:foreman-journald, p-cpe:/a:redhat:enterprise_linux:foreman-redis, p-cpe:/a:redhat:enterprise_linux:foreman-ovirt, p-cpe:/a:redhat:enterprise_linux:puppetserver, p-cpe:/a:redhat:enterprise_linux:python39-requests, p-cpe:/a:redhat:enterprise_linux:python39-sqlparse, p-cpe:/a:redhat:enterprise_linux:python-django, p-cpe:/a:redhat:enterprise_linux:foreman-libvirt, p-cpe:/a:redhat:enterprise_linux:rubygem-globalid, p-cpe:/a:redhat:enterprise_linux:foreman-debug, p-cpe:/a:redhat:enterprise_linux:rubygem-rack

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/8/2023

Vulnerability Publication Date: 3/25/2022

CISA Known Exploited Vulnerability Due Dates: 10/31/2023

Reference Information

CVE: CVE-2022-0759, CVE-2022-1292, CVE-2022-2068, CVE-2022-3644, CVE-2022-3874, CVE-2022-40899, CVE-2022-4130, CVE-2022-41717, CVE-2022-44566, CVE-2022-44570, CVE-2022-44571, CVE-2022-44572, CVE-2022-46648, CVE-2022-47318, CVE-2023-0118, CVE-2023-0119, CVE-2023-1894, CVE-2023-22792, CVE-2023-22794, CVE-2023-22795, CVE-2023-22796, CVE-2023-22799, CVE-2023-27530, CVE-2023-27539, CVE-2023-29406, CVE-2023-30608, CVE-2023-31047, CVE-2023-32681, CVE-2023-36053, CVE-2023-39325, CVE-2023-40267, CVE-2023-44487

CWE: 113, 1333, 20, 256, 295, 400, 402, 77, 770, 78, 79, 89, 918, 94

RHSA: 2023:6818