openSUSE 15 Security Update : vexctl (SUSE-SU-2026:0592-1)

high Nessus Plugin ID 299709

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2026:0592-1 advisory.

- Update to version 0.4.1+git78.f951e3a:
- CVE-2025-22868: Unexpected memory consumption during token parsing in golang.org/x/oauth2. (bsc#1239186)
- CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto. (bsc#1234486)
- CVE-2025-27144: Go JOSE's Parsing Vulnerable to Denial of Service. (bsc#1237611)
- CVE-2025-22870: proxy bypass using IPv6 zone IDs. (bsc#1238683)
- CVE-2025-22869: Denial of Service in the Key Exchange of golang.org/x/crypto/ssh. (bsc#1239323)
- CVE-2025-30204: jwt-go allows excessive memory allocation during header parsing. (bsc#1240444)
- CVE-2025-58181: invalidated number of mechanisms can cause unbounded memory consumption. (bsc#1253802)
- CVE-2026-22772: MetaIssuer URL validation bypass can trigger SSRF to arbitrary internal services. (bsc#1256535)
- CVE-2026-24137: legacy TUF client allows for arbitrary file writes with target cache path traversal. (bsc#1257138)

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected vexctl package.

See Also

https://bugzilla.suse.com/1234486

https://bugzilla.suse.com/1237611

https://bugzilla.suse.com/1238683

https://bugzilla.suse.com/1239186

https://bugzilla.suse.com/1239323

https://bugzilla.suse.com/1240444

https://bugzilla.suse.com/1253802

https://bugzilla.suse.com/1256535

https://bugzilla.suse.com/1257138

http://www.nessus.org/u?20dff6b8

https://www.suse.com/security/cve/CVE-2024-45337

https://www.suse.com/security/cve/CVE-2025-22868

https://www.suse.com/security/cve/CVE-2025-22869

https://www.suse.com/security/cve/CVE-2025-22870

https://www.suse.com/security/cve/CVE-2025-27144

https://www.suse.com/security/cve/CVE-2025-30204

https://www.suse.com/security/cve/CVE-2025-58181

https://www.suse.com/security/cve/CVE-2026-22772

https://www.suse.com/security/cve/CVE-2026-24137

Plugin Details

Severity: High

ID: 299709

File Name: suse_SU-2026-0592-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 2/21/2026

Updated: 2/21/2026

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.0

CVSS v2

Risk Factor: High

Base Score: 9.4

Temporal Score: 7.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

CVSS Score Source: CVE-2024-45337

CVSS v3

Risk Factor: Critical

Base Score: 9.1

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS v4

Risk Factor: High

Base Score: 8.7

Threat Score: 7.7

Threat Vector: CVSS:4.0/E:P

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2025-30204

Vulnerability Information

CPE: cpe:/o:novell:suse_linux:15

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/20/2026

Vulnerability Publication Date: 12/11/2024

Reference Information

CVE: CVE-2024-45337, CVE-2025-22868, CVE-2025-22869, CVE-2025-22870, CVE-2025-27144, CVE-2025-30204, CVE-2025-58181, CVE-2026-22772, CVE-2026-24137

SuSE: SUSE-SU-2026:0592-1