Detections
Analytics
RHCOS 4 : Red Hat build of MicroShift 4.16.0 (RHSA-2024:0043)
high Nessus Plugin ID 312058
Language:
Synopsis
The remote Red Hat CoreOS host is missing one or more security updates for Red Hat build of MicroShift 4.16.0.Description
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0043 advisory.- kubernetes: kube-apiserver: bypassing mountable secrets policy imposed by the ServiceAccount admission plugin (CVE-2024-3177)
- golang-protobuf: encoding/protojson, internal/encoding/json: infinite loop in protojson.Unmarshal when unmarshaling certain forms of invalid JSON (CVE-2024-24786)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHCOS Red Hat build of MicroShift 4.16.0 package based on the guidance in RHSA-2024:0043.See Also
https://access.redhat.com/security/updates/classification/#important
https://bugzilla.redhat.com/show_bug.cgi?id=2268046
https://bugzilla.redhat.com/show_bug.cgi?id=2274118
https://issues.redhat.com/browse/OCPBUGS-21901
https://issues.redhat.com/browse/OCPBUGS-23336
https://issues.redhat.com/browse/OCPBUGS-24444
https://issues.redhat.com/browse/OCPBUGS-24689
https://issues.redhat.com/browse/OCPBUGS-25030
https://issues.redhat.com/browse/OCPBUGS-25784
https://issues.redhat.com/browse/OCPBUGS-27849
https://issues.redhat.com/browse/OCPBUGS-29037
https://issues.redhat.com/browse/OCPBUGS-29847
https://issues.redhat.com/browse/OCPBUGS-30039
https://issues.redhat.com/browse/OCPBUGS-30807
https://issues.redhat.com/browse/OCPBUGS-30833
https://issues.redhat.com/browse/OCPBUGS-31739
https://issues.redhat.com/browse/OCPBUGS-32946
https://issues.redhat.com/browse/OCPBUGS-33588
Plugin Details
Severity: High
ID: 312058
File Name: rhcos-RHSA-2024-0043.nasl
Version: 1.1
Type: Local
Agent: unix
Family: Red Hat Local Security Checks
Published: 5/4/2026
Updated: 5/4/2026
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.6
Vendor
Vendor Severity: Important
CVSS v2
Risk Factor: Low
Base Score: 3.3
Temporal Score: 2.4
Vector: CVSS2#AV:N/AC:L/Au:M/C:P/I:N/A:N
CVSS Score Source: CVE-2024-3177
CVSS v3
Risk Factor: Low
Base Score: 2.7
Temporal Score: 2.4
Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
CVSS v4
Risk Factor: High
Base Score: 8.7
Threat Score: 6.6
Threat Vector: CVSS:4.0/E:U
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
CVSS Score Source: CVE-2024-24786
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:microshift-networking, p-cpe:/a:redhat:enterprise_linux:microshift-multus, p-cpe:/a:redhat:enterprise_linux:microshift, p-cpe:/a:redhat:enterprise_linux:microshift-greenboot, p-cpe:/a:redhat:enterprise_linux:microshift-olm, p-cpe:/a:redhat:enterprise_linux:microshift-selinux, cpe:/o:redhat:enterprise_linux:9:coreos, p-cpe:/a:redhat:enterprise_linux:microshift-olm-release-info, p-cpe:/a:redhat:enterprise_linux:microshift-multus-release-info, p-cpe:/a:redhat:enterprise_linux:microshift-release-info
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 6/27/2024
Vulnerability Publication Date: 3/5/2024
Reference Information
CVE: CVE-2024-24786, CVE-2024-3177