Lucene search
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2023-E7297A4AEB.NASLHistoryJan 29, 2023 - 12:00 a.m.
Fedora 37 : pgadmin4 (2023-e7297a4aeb)
2023-01-2900:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
9
The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2023-e7297a4aeb advisory.
- JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand (e.g. for config files). The
parsemethod of the JSON5 library before and including versions 1.0.1 and 2.2.1 does not restrict parsing of keys named__proto__, allowing specially crafted strings to pollute the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned byJSON5.parseand not the global Object prototype, which is the commonly understood definition of Prototype Pollution. However, polluting the prototype of a single object can have significant security impact for an application if the object is later used in trusted operations. This vulnerability could allow an attacker to set arbitrary and unexpected keys on the object returned fromJSON5.parse. The actual impact will depend on how applications utilize the returned object and how they filter unwanted keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme cases, remote code execution.JSON5.parseshould restrict parsing of__proto__keys when parsing JSON strings to objects. As a point of reference, theJSON.parsemethod included in JavaScript ignores__proto__keys. Simply changingJSON5.parsetoJSON.parsein the examples above mitigates this vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later. (CVE-2022-46175)
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2023-e7297a4aeb
#
include('compat.inc');
if (description)
{
script_id(170766);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/05");
script_cve_id("CVE-2022-46175");
script_xref(name:"FEDORA", value:"2023-e7297a4aeb");
script_name(english:"Fedora 37 : pgadmin4 (2023-e7297a4aeb)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Fedora 37 host has a package installed that is affected by a vulnerability as referenced in the
FEDORA-2023-e7297a4aeb advisory.
- JSON5 is an extension to the popular JSON file format that aims to be easier to write and maintain by hand
(e.g. for config files). The `parse` method of the JSON5 library before and including versions 1.0.1 and
2.2.1 does not restrict parsing of keys named `__proto__`, allowing specially crafted strings to pollute
the prototype of the resulting object. This vulnerability pollutes the prototype of the object returned by
`JSON5.parse` and not the global Object prototype, which is the commonly understood definition of
Prototype Pollution. However, polluting the prototype of a single object can have significant security
impact for an application if the object is later used in trusted operations. This vulnerability could
allow an attacker to set arbitrary and unexpected keys on the object returned from `JSON5.parse`. The
actual impact will depend on how applications utilize the returned object and how they filter unwanted
keys, but could include denial of service, cross-site scripting, elevation of privilege, and in extreme
cases, remote code execution. `JSON5.parse` should restrict parsing of `__proto__` keys when parsing JSON
strings to objects. As a point of reference, the `JSON.parse` method included in JavaScript ignores
`__proto__` keys. Simply changing `JSON5.parse` to `JSON.parse` in the examples above mitigates this
vulnerability. This vulnerability is patched in json5 versions 1.0.2, 2.2.2, and later. (CVE-2022-46175)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2023-e7297a4aeb");
script_set_attribute(attribute:"solution", value:
"Update the affected pgadmin4 package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-46175");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/12/24");
script_set_attribute(attribute:"patch_publication_date", value:"2023/01/19");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/01/29");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:37");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:pgadmin4");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^37([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 37', 'Fedora ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);
var pkgs = [
{'reference':'pgadmin4-6.19-1.fc37', 'release':'FC37', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && _release) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pgadmin4');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | 37 | cpe:/o:fedoraproject:fedora:37 |
| fedoraproject | fedora | pgadmin4 | p-cpe:/a:fedoraproject:fedora:pgadmin4 |
Related
nessus
nessus
Ubuntu 18.04 LTS / 20.04 LTS / 22.04 LTS : JSON5 vulnerability (USN-6758-1)
2024-04-30 00:00:00
Debian DLA-3665-1 : node-json5 - LTS security update
2023-11-25 00:00:00
RHEL 7 : json5 (Unpatched Vulnerability)
2024-05-11 00:00:00
cvelist
cvelist
CVE-2022-46175
2022-12-24 00:00:00
ibm
ibm
Security Bulletin: IBM App Connect Enterprise Certified Container operands may be vulnerable to arbitrary code execution due to [CVE-2022-46175]
2023-02-02 20:17:31
osv
osv
node-json5 - security update
2023-11-25 00:00:00
Prototype Pollution in JSON5 via Parse Method
2022-12-29 01:51:03
node-json5 vulnerability
2024-04-30 10:50:09
openvas
openvas
Fedora: Security Advisory for pgadmin4 (FEDORA-2023-e7297a4aeb)
2023-01-30 00:00:00
Ubuntu: Security Advisory (USN-6758-1)
2024-05-01 00:00:00
Debian: Security Advisory (DLA-3665-1)
2023-11-27 00:00:00
veracode
veracode
Prototype Pollution
2023-01-05 07:22:55
github
github
Prototype Pollution in JSON5 via Parse Method
2022-12-29 01:51:03
Private vulnerability reporting now generally available
2023-04-19 16:00:41
ubuntu
ubuntu
JSON5 vulnerability
2024-04-30 00:00:00
debian
debian
[SECURITY] [DLA 3665-1] node-json5 security update
2023-11-25 22:33:33
prion
prion
Cross site scripting
2022-12-24 04:15:00
debiancve
debiancve
CVE-2022-46175
2022-12-24 04:15:00
cve
cve
CVE-2022-46175
2022-12-24 04:15:00
fedora
fedora
[SECURITY] Fedora 37 Update: pgadmin4-6.19-1.fc37
2023-01-30 01:27:10
redhatcve
redhatcve
CVE-2022-46175
2022-12-26 05:05:00
ubuntucve
ubuntucve
CVE-2022-46175
2022-12-24 00:00:00
redhat
redhat
Related for FEDORA_2023-E7297A4AEB.NASL