CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
9.0%
The version of Aqua Security Trivy installed on the remote host is prior to 0.51.2. It is, therefore, affected by a vulnerability as referenced in the GHSA-xcq4-m2r3-cmrj advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
if (description)
{
script_id(197899);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/27");
script_cve_id("CVE-2024-35192");
script_xref(name:"IAVB", value:"2024-B-0065");
script_name(english:"Aqua Security Trivy < 0.51.2 Credential Leak (GHSA-xcq4-m2r3-cmrj)");
script_set_attribute(attribute:"synopsis", value:
"The remote host has an application installed that is affected by a vulnerability.");
script_set_attribute(attribute:"description", value:
"The version of Aqua Security Trivy installed on the remote host is prior to 0.51.2. It is, therefore, affected by a
vulnerability as referenced in the GHSA-xcq4-m2r3-cmrj advisory.
- If a malicious actor is able to trigger Trivy to scan container images from a crafted malicious registry, it could
result in the leakage of credentials for legitimate registries such as AWS Elastic Container Registry (ECR), Google
Cloud Artifact/Container Registry, or Azure Container Registry (ACR). These tokens can then be used to push/pull
images from those registries to which the identity/user running Trivy has access. Systems are not affected if the
default credential provider chain is unable to obtain valid credentials. This vulnerability only applies when
scanning container images directly from a registry. (CVE-2024-35192)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://github.com/aquasecurity/trivy/security/advisories/GHSA-xcq4-m2r3-cmrj
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?277170f1");
script_set_attribute(attribute:"see_also", value:"https://github.com/aquasecurity/trivy/releases");
script_set_attribute(attribute:"solution", value:
"Upgrade Aqua Security Trivy to version 0.51.2 or later.");
script_set_attribute(attribute:"agent", value:"unix");
script_set_cvss_base_vector("CVSS2#AV:L/AC:H/Au:N/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-35192");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/05/20");
script_set_attribute(attribute:"patch_publication_date", value:"2024/05/20");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/24");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:aqua_security:trivy");
script_set_attribute(attribute:"stig_severity", value:"II");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Misc.");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("aqua_security_trivy_nix_installed.nbin");
script_require_keys("installed_sw/Aqua Security Trivy");
exit(0);
}
include('vcf.inc');
var app_info = vcf::get_app_info(app:'Aqua Security Trivy');
vcf::check_granularity(app_info:app_info, sig_segments:3);
var constraints = [
{ 'fixed_version' : '0.51.2' }
];
vcf::check_version_and_report(
app_info:app_info,
constraints:constraints,
severity:SECURITY_WARNING
);
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:C/C:H/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
9.0%