Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2023-E363201A4C.NASLHistoryApr 29, 2024 - 12:00 a.m.
Fedora 37 : phoronix-test-suite (2023-e363201a4c)
2024-04-2900:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
3
fedora 37
phoronix-test-suite
xss vulnerability
security updates
remote host
package installed
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.5 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
29.1%
The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-e363201a4c advisory.
- A XSS vulnerability was found in phoromatic_r_add_test_details.php in phoronix-test-suite.
(CVE-2022-40704)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2023-e363201a4c
#
include('compat.inc');
if (description)
{
script_id(194704);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/04/29");
script_cve_id("CVE-2022-40704");
script_xref(name:"FEDORA", value:"2023-e363201a4c");
script_name(english:"Fedora 37 : phoronix-test-suite (2023-e363201a4c)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Fedora 37 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2023-e363201a4c advisory.
- A XSS vulnerability was found in phoromatic_r_add_test_details.php in phoronix-test-suite.
(CVE-2022-40704)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2023-e363201a4c");
script_set_attribute(attribute:"solution", value:
"Update the affected phoronix-test-suite package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-40704");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/01/11");
script_set_attribute(attribute:"patch_publication_date", value:"2023/01/11");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/29");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:37");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:phoronix-test-suite");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^37([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 37', 'Fedora ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);
var pkgs = [
{'reference':'phoronix-test-suite-10.8.4-2.fc37', 'release':'FC37', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && _release) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'phoronix-test-suite');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | 37 | cpe:/o:fedoraproject:fedora:37 |
| fedoraproject | fedora | phoronix-test-suite | p-cpe:/a:fedoraproject:fedora:phoronix-test-suite |
Related
openvas
openvas
Mageia: Security Advisory (MGASA-2023-0022)
2023-03-28 00:00:00
Fedora: Security Advisory for phoronix-test-suite (FEDORA-2023-40e14b37c2)
2023-01-12 00:00:00
Fedora: Security Advisory for phoronix-test-suite (FEDORA-2023-e363201a4c)
2023-01-13 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: phoronix-test-suite-10.8.4-2.fc37
2023-01-12 01:59:37
[SECURITY] Fedora 36 Update: phoronix-test-suite-10.8.4-2.fc36
2023-01-12 01:35:42
prion
prion
Cross site scripting
2023-01-17 19:15:00
cve
cve
CVE-2022-40704
2023-01-17 19:15:11
nvd
nvd
CVE-2022-40704
2023-01-17 19:15:11
nessus
nessus
Fedora 36 : phoronix-test-suite (2023-40e14b37c2)
2023-01-12 00:00:00
ubuntucve
ubuntucve
CVE-2022-40704
2023-01-17 00:00:00
mageia
mageia
Updated phoronix-test-suite packages fix security vulnerability
2023-01-24 10:58:25
osv
osv
CVE-2022-40704
2023-01-17 19:15:11
cvelist
cvelist
CVE-2022-40704
2023-01-17 00:00:00
6.1 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
6.5 Medium
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
29.1%
Related for FEDORA_2023-E363201A4C.NASL