Detections
Analytics
RHCOS 4 : OpenShift Container Platform 4.15.z (RHSA-2023:7200)
high Nessus Plugin ID 312066
Synopsis
The remote Red Hat CoreOS host is missing one or more security updates for OpenShift Container Platform 4.15.z.Description
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:7200 advisory.- golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)
- golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests (CVE-2023-39326)
- golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges. (CVE-2023-45287)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHCOS OpenShift Container Platform 4.15.z package based on the guidance in RHSA-2023:7200.See Also
https://access.redhat.com/security/updates/classification/#important
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
https://bugzilla.redhat.com/show_bug.cgi?id=2243296
https://bugzilla.redhat.com/show_bug.cgi?id=2253193
https://bugzilla.redhat.com/show_bug.cgi?id=2253330
https://issues.redhat.com/browse/OCPBUGS-18548
https://issues.redhat.com/browse/OCPBUGS-19288
https://issues.redhat.com/browse/OCPBUGS-19363
https://issues.redhat.com/browse/OCPBUGS-19384
https://issues.redhat.com/browse/OCPBUGS-19422
https://issues.redhat.com/browse/OCPBUGS-19433
https://issues.redhat.com/browse/OCPBUGS-19457
https://issues.redhat.com/browse/OCPBUGS-19488
https://issues.redhat.com/browse/OCPBUGS-19540
https://issues.redhat.com/browse/OCPBUGS-19567
https://issues.redhat.com/browse/OCPBUGS-19632
https://issues.redhat.com/browse/OCPBUGS-19719
https://issues.redhat.com/browse/OCPBUGS-20037
https://issues.redhat.com/browse/OCPBUGS-22322
https://issues.redhat.com/browse/OCPBUGS-22338
https://issues.redhat.com/browse/OCPBUGS-22685
https://issues.redhat.com/browse/OCPBUGS-22809
https://issues.redhat.com/browse/OCPBUGS-22854
https://issues.redhat.com/browse/OCPBUGS-22858
https://issues.redhat.com/browse/OCPBUGS-22936
https://issues.redhat.com/browse/OCPBUGS-25689
https://issues.redhat.com/browse/OCPBUGS-25851
https://issues.redhat.com/browse/OCPBUGS-25904
https://issues.redhat.com/browse/OCPBUGS-27398
https://issues.redhat.com/browse/OCPBUGS-27855
Plugin Details
Severity: High
ID: 312066
File Name: rhcos-RHSA-2023-7200.nasl
Version: 1.1
Type: Local
Agent: unix
Family: Red Hat Local Security Checks
Published: 5/4/2026
Updated: 5/4/2026
Supported Sensors: Continuous Assessment, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.1
Vendor
Vendor Severity: Important
CVSS v2
Risk Factor: High
Base Score: 7.8
Temporal Score: 5.8
Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N
CVSS Score Source: CVE-2023-45287
CVSS v3
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:microshift, p-cpe:/a:redhat:enterprise_linux:microshift-release-info, p-cpe:/a:redhat:enterprise_linux:microshift-selinux, p-cpe:/a:redhat:enterprise_linux:microshift-olm, p-cpe:/a:redhat:enterprise_linux:microshift-networking, cpe:/o:redhat:enterprise_linux:9:coreos, p-cpe:/a:redhat:enterprise_linux:microshift-greenboot
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 2/27/2024
Vulnerability Publication Date: 10/11/2023