Source: nessus
Plugin file: AQUA_SECURITY_TRIVY_CVE-2024-35192.NASL
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
History: May 24, 2024 - 12:00 a.m.

Aqua Security Trivy < 0.51.2 Credential Leak (GHSA-xcq4-m2r3-cmrj)

Source site: www.tenable.com
Tags: aqua security trivy, vulnerability, credential leak, malicious registry, container images, aws ecr, google cloud artifact, azure acr, cve-2024-35192

CVSS3: 5.5 Medium
  Attack Vector: LOCAL
  Attack Complexity: HIGH
  Privileges Required: NONE
  User Interaction: REQUIRED
  Scope: CHANGED
  Confidentiality Impact: HIGH
  Integrity Impact: NONE
  Availability Impact: NONE
  Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N

AI Score: 5.3 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.0%)

The version of Aqua Security Trivy installed on the remote host is prior to 0.51.2. It is, therefore, affected by a vulnerability as referenced in the GHSA-xcq4-m2r3-cmrj advisory.

  • If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google Cloud Artifact/Container Registry, or Azure Container Registry (ACR). These tokens can then be used to push/pull images from those registries to which the identity/user running Trivy has access. Systems are not affected if the default credential provider chain is unable to obtain valid credentials. This vulnerability only applies when scanning container images directly from a registry. (CVE-2024-35192)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(197899);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/27");

  script_cve_id("CVE-2024-35192");
  script_xref(name:"IAVB", value:"2024-B-0065");

  script_name(english:"Aqua Security Trivy < 0.51.2 Credential Leak (GHSA-xcq4-m2r3-cmrj)");

  script_set_attribute(attribute:"synopsis", value:
"The remote host has an application installed that is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of Aqua Security Trivy installed on the remote host is prior to 0.51.2. It is, therefore, affected by a
vulnerability as referenced in the GHSA-xcq4-m2r3-cmrj advisory.

  - If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could
    result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google
    Cloud Artifact/Container Registry, or Azure Container Registry (ACR). These tokens can then be used to push/pull 
    images from those registries to which the identity/user running Trivy has access. Systems are not affected if the 
    default credential provider chain is unable to obtain valid credentials. This vulnerability only applies when 
    scanning container images directly from a registry. (CVE-2024-35192)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://github.com/aquasecurity/trivy/security/advisories/GHSA-xcq4-m2r3-cmrj
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?277170f1");
  script_set_attribute(attribute:"see_also", value:"https://github.com/aquasecurity/trivy/releases");
  script_set_attribute(attribute:"solution", value:
"Upgrade Aqua Security Trivy to version 0.51.2 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-35192");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/05/20");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/05/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/24");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:aqua_security:trivy");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("aqua_security_trivy_nix_installed.nbin");
  script_require_keys("installed_sw/Aqua Security Trivy");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'Aqua Security Trivy');

vcf::check_granularity(app_info:app_info, sig_segments:3);

var constraints = [
  { 'fixed_version' : '0.51.2' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_WARNING
);

Vendor         Product  Version  CPE
aqua_security  trivy             cpe:/a:aqua_security:trivy
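
The plugin's check (a three-segment version compared against the fixed release 0.51.2) can be reproduced on a host without Nessus. The following is an added shell example, not Tenable's or Aqua's code; it assumes `trivy --version` prints a line of the form `Version: X.Y.Z`, and the function names and sample strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: local equivalent of the plugin's version comparison.
FIXED_VERSION="0.51.2"   # fixed release named on this page

# Extract "X.Y.Z" from `trivy --version` style text (assumed "Version: X.Y.Z").
# Prints nothing when fewer than three numeric segments are present, which
# mirrors the plugin's check_granularity(sig_segments:3).
parse_trivy_version() {
  printf '%s\n' "$1" |
    sed -n 's/^Version:[[:space:]]*v\{0,1\}\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
    head -n 1
}

# Succeeds when X.Y.Z in $1 is lower than X.Y.Z in $2. Segments are compared
# as integers, so 0.9.0 sorts below 0.51.2 (a string comparison would not).
# The body runs in a subshell so the IFS change stays local.
version_lt() (
  IFS=.
  set -- $1 $2          # positional parameters: a1 a2 a3 b1 b2 b3
  if   [ "$1" -ne "$4" ]; then [ "$1" -lt "$4" ]
  elif [ "$2" -ne "$5" ]; then [ "$2" -lt "$5" ]
  else [ "$3" -lt "$6" ]
  fi
)

# Prints "vulnerable", "fixed" or "unknown" for the given version text.
classify_trivy() {
  ver=$(parse_trivy_version "$1")
  if [ -z "$ver" ]; then
    echo "unknown"
  elif version_lt "$ver" "$FIXED_VERSION"; then
    echo "vulnerable"
  else
    echo "fixed"
  fi
}

# Constructed sample outputs (not captured from a real host).
for sample in "Version: 0.51.1" "Version: 0.51.2" "Version: 0.9.0" "Version: 0.51"; do
  printf '%-18s -> %s\n' "$sample" "$(classify_trivy "$sample")"
done
# On a real host: classify_trivy "$(trivy --version 2>/dev/null)"
```

Like the plugin, this relies only on the self-reported version; per the advisory text above, a host is not affected if the default credential provider chain cannot obtain valid credentials or if Trivy never scans images directly from a registry.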
