Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.AL2_ALAS-2024-2466.NASLHistoryFeb 19, 2024 - 12:00 a.m.
Amazon Linux 2 : jsoup (ALAS-2024-2466)
2024-02-1900:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
17
amazon linux 2
jsoup
xss
html parsing
security vulnerability
alas-2024-2466
content security policy
java
nessus
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
44.7%
The version of jsoup installed on the remote host is prior to 1.6.1-10. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2024-2466 advisory.
- jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS) safety. jsoup may incorrectly sanitize HTML including
javascript:URL expressions, which could allow XSS attacks when a reader subsequently clicks that link. If the non-defaultSafeList.preserveRelativeLinksoption is enabled, HTML includingjavascript:URLs that have been crafted with control characters will not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version.
Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using the updated version. To remediate this issue without immediately upgrading: - disableSafeList.preserveRelativeLinks, which will rewrite input URLs as absolute URLs - ensure an appropriate Content Security Policy is defined. (This should be used regardless of upgrading, as a defence-in-depth best practice.) (CVE-2022-36033)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Amazon Linux 2 Security Advisory ALAS-2024-2466.
##
include('compat.inc');
if (description)
{
script_id(190691);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/02/20");
script_cve_id("CVE-2022-36033");
script_name(english:"Amazon Linux 2 : jsoup (ALAS-2024-2466)");
script_set_attribute(attribute:"synopsis", value:
"The remote Amazon Linux 2 host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The version of jsoup installed on the remote host is prior to 1.6.1-10. It is, therefore, affected by a vulnerability as
referenced in the ALAS2-2024-2466 advisory.
- jsoup is a Java HTML parser, built for HTML editing, cleaning, scraping, and cross-site scripting (XSS)
safety. jsoup may incorrectly sanitize HTML including `javascript:` URL expressions, which could allow XSS
attacks when a reader subsequently clicks that link. If the non-default `SafeList.preserveRelativeLinks`
option is enabled, HTML including `javascript:` URLs that have been crafted with control characters will
not be sanitized. If the site that this HTML is published on does not set a Content Security Policy, an
XSS attack is then possible. This issue is patched in jsoup 1.15.3. Users should upgrade to this version.
Additionally, as the unsanitized input may have been persisted, old content should be cleaned again using
the updated version. To remediate this issue without immediately upgrading: - disable
`SafeList.preserveRelativeLinks`, which will rewrite input URLs as absolute URLs - ensure an appropriate
[Content Security Policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP) is defined. (This should
be used regardless of upgrading, as a defence-in-depth best practice.) (CVE-2022-36033)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/AL2/ALAS-2024-2466.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/cve/html/CVE-2022-36033.html");
script_set_attribute(attribute:"see_also", value:"https://alas.aws.amazon.com/faqs.html");
script_set_attribute(attribute:"solution", value:
"Run 'yum update jsoup' to update your system.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-36033");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/08/24");
script_set_attribute(attribute:"patch_publication_date", value:"2024/02/15");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/02/19");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jsoup");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:jsoup-javadoc");
script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux:2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Amazon Linux Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list");
exit(0);
}
include("rpm.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var alas_release = get_kb_item("Host/AmazonLinux/release");
if (isnull(alas_release) || !strlen(alas_release)) audit(AUDIT_OS_NOT, "Amazon Linux");
var os_ver = pregmatch(pattern: "^AL(A|\d+|-\d+)", string:alas_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux");
os_ver = os_ver[1];
if (os_ver != "2")
{
if (os_ver == 'A') os_ver = 'AMI';
audit(AUDIT_OS_NOT, "Amazon Linux 2", "Amazon Linux " + os_ver);
}
if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
var pkgs = [
{'reference':'jsoup-1.6.1-10.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE},
{'reference':'jsoup-javadoc-1.6.1-10.amzn2.0.1', 'release':'AL2', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach var package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, "jsoup / jsoup-javadoc");
}Related
debiancve
debiancve
CVE-2022-36033
2022-08-29 17:15:08
redhatcve
redhatcve
CVE-2022-36033
2022-09-15 10:13:18
nessus
nessus
RHEL 9 : jsoup (Unpatched Vulnerability)
2024-06-03 00:00:00
SUSE SLED15 / SLES15 Security Update : jsoup (SUSE-SU-2022:4011-1)
2022-11-17 00:00:00
Amazon Linux 2023 : jsoup, jsoup-javadoc (ALAS2023-2023-315)
2023-08-24 00:00:00
ibm
ibm
ubuntucve
ubuntucve
CVE-2022-36033
2022-08-29 00:00:00
nvd
nvd
CVE-2022-36033
2022-08-29 17:15:08
github
github
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2022:4011-1)
2022-11-17 00:00:00
amazon
amazon
Medium: jsoup
2024-02-15 03:52:00
prion
prion
Cross site scripting
2022-08-29 17:15:00
osv
osv
CVE-2022-36033
2022-08-29 17:15:08
cgr
cgr
CVE-2022-36033 vulnerabilities
2024-05-19 03:07:16
cbl_mariner
cbl_mariner
CVE-2022-36033 affecting package jsoup 1.11.3-3
2024-06-26 15:36:28
cve
cve
CVE-2022-36033
2022-08-29 17:15:08
veracode
veracode
Cross-site Scripting (XSS)
2022-08-30 07:07:33
cvelist
cvelist
wolfi
wolfi
CVE-2022-36033 vulnerabilities
2024-06-26 15:33:03
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2024
2024-01-16 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.4 Medium
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
44.7%
Related for AL2_ALAS-2024-2466.NASL