Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2023-F60CCA0686.NASL
HistoryFeb 01, 2023 - 12:00 a.m.

Fedora 38 : 1:rubygem-actionmailer / 1:rubygem-actionpack / 1:rubygem-activerecord / 1:rubygem-activesupport / 1:rubygem-rails / rubygem-actioncable / rubygem-actionmailbox / rubygem-actiontext / rubygem-actionview / rubygem-activejob / rubygem-activemodel / rubygem-activestorage / rubygem-railties (2023-f60cca0686)

2023-02-0100:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
10
JSON

The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the FEDORA-2023-f60cca0686 advisory.

  • A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments.
    If malicious user input is passed to either the annotate query method, the optimizer_hints query method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the database withinsufficient sanitization and be able to inject SQL outside of the comment. (CVE-2023-22794)

  • A denial of service vulnerability present in ActiveRecord’s PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it will treat the target column type as numeric. Comparing integer values against numeric values can result in a slow sequential scan resulting in potential Denial of Service. (CVE-2022-44566)

  • A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1.
    Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. (CVE-2023-22792)

  • A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If- None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected release should either upgrade or use one of the workarounds immediately. (CVE-2023-22795)

  • A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted string passed to the underscore method can cause the regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a possible DoS vulnerability. (CVE-2023-22796)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2023-f60cca0686
#

include('compat.inc');

if (description)
{
  script_id(170920);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/09/05");

  script_cve_id(
    "CVE-2022-44566",
    "CVE-2023-22792",
    "CVE-2023-22794",
    "CVE-2023-22795",
    "CVE-2023-22796",
    "CVE-2023-22797"
  );
  script_xref(name:"FEDORA", value:"2023-f60cca0686");

  script_name(english:"Fedora 38 : 1:rubygem-actionmailer / 1:rubygem-actionpack / 1:rubygem-activerecord / 1:rubygem-activesupport / 1:rubygem-rails / rubygem-actioncable / rubygem-actionmailbox / rubygem-actiontext / rubygem-actionview / rubygem-activejob / rubygem-activemodel / rubygem-activestorage / rubygem-railties (2023-f60cca0686)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 38 host has packages installed that are affected by multiple vulnerabilities as referenced in the
FEDORA-2023-f60cca0686 advisory.

  - A vulnerability in ActiveRecord <6.0.6.1, v6.1.7.1 and v7.0.4.1 related to the sanitization of comments.
    If malicious user input is passed to either the `annotate` query method, the `optimizer_hints` query
    method, or through the QueryLogs interface which automatically adds annotations, it may be sent to the
    database withinsufficient sanitization and be able to inject SQL outside of the comment. (CVE-2023-22794)

  - A denial of service vulnerability present in ActiveRecord's PostgreSQL adapter <7.0.4.1 and <6.1.7.1. When
    a value outside the range for a 64bit signed integer is provided to the PostgreSQL connection adapter, it
    will treat the target column type as numeric. Comparing integer values against numeric values can result
    in a slow sequential scan resulting in potential Denial of Service. (CVE-2022-44566)

  - A regular expression based DoS vulnerability in Action Dispatch <6.0.6.1,< 6.1.7.1, and <7.0.4.1.
    Specially crafted cookies, in combination with a specially crafted X_FORWARDED_HOST header can cause the
    regular expression engine to enter a state of catastrophic backtracking. This can cause the process to use
    large amounts of CPU and memory, leading to a possible DoS vulnerability All users running an affected
    release should either upgrade or use one of the workarounds immediately. (CVE-2023-22792)

  - A regular expression based DoS vulnerability in Action Dispatch <6.1.7.1 and <7.0.4.1 related to the If-
    None-Match header. A specially crafted HTTP If-None-Match header can cause the regular expression engine
    to enter a state of catastrophic backtracking, when on a version of Ruby below 3.2.0. This can cause the
    process to use large amounts of CPU and memory, leading to a possible DoS vulnerability All users running
    an affected release should either upgrade or use one of the workarounds immediately. (CVE-2023-22795)

  - A regular expression based DoS vulnerability in Active Support <6.1.7.1 and <7.0.4.1. A specially crafted
    string passed to the underscore method can cause the regular expression engine to enter a state of
    catastrophic backtracking. This can cause the process to use large amounts of CPU and memory, leading to a
    possible DoS vulnerability. (CVE-2023-22796)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2023-f60cca0686");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-22794");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/02/01");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/02/01");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/02/01");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:38");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-actioncable");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-actionmailbox");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-actionmailer");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-actionpack");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-actiontext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-actionview");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-activejob");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-activemodel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-activerecord");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-activestorage");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-activesupport");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-rails");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:rubygem-railties");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^38([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 38', 'Fedora ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var pkgs = [
    {'reference':'rubygem-actioncable-7.0.4.2-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-actionmailbox-7.0.4.2-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-actionmailer-7.0.4.2-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'rubygem-actionpack-7.0.4.2-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'rubygem-actiontext-7.0.4.2-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-actionview-7.0.4.2-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-activejob-7.0.4.2-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-activemodel-7.0.4.2-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-activerecord-7.0.4.2-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'rubygem-activestorage-7.0.4.2-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'rubygem-activesupport-7.0.4.2-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'rubygem-rails-7.0.4.2-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
    {'reference':'rubygem-railties-7.0.4.2-1.fc38', 'release':'FC38', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && _release) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, '1:rubygem-actionmailer / 1:rubygem-actionpack / 1:rubygem-activerecord / etc');
}
VendorProductVersionCPE
fedoraprojectfedora38cpe:/o:fedoraproject:fedora:38
fedoraprojectfedorarubygem-actioncablep-cpe:/a:fedoraproject:fedora:rubygem-actioncable
fedoraprojectfedorarubygem-actionmailboxp-cpe:/a:fedoraproject:fedora:rubygem-actionmailbox
fedoraprojectfedorarubygem-actionmailerp-cpe:/a:fedoraproject:fedora:rubygem-actionmailer
fedoraprojectfedorarubygem-actionpackp-cpe:/a:fedoraproject:fedora:rubygem-actionpack
fedoraprojectfedorarubygem-actiontextp-cpe:/a:fedoraproject:fedora:rubygem-actiontext
fedoraprojectfedorarubygem-actionviewp-cpe:/a:fedoraproject:fedora:rubygem-actionview
fedoraprojectfedorarubygem-activejobp-cpe:/a:fedoraproject:fedora:rubygem-activejob
fedoraprojectfedorarubygem-activemodelp-cpe:/a:fedoraproject:fedora:rubygem-activemodel
fedoraprojectfedorarubygem-activerecordp-cpe:/a:fedoraproject:fedora:rubygem-activerecord
Rows per page:
1-10 of 141

Related

openvas 3
nessus 6
debian 1
osv 12
github 6
cvelist 6
gitlab 5
prion 6
ubuntucve 6
cve 6
veracode 6
alpinelinux 2
debiancve 6
redhatcve 6
hackerone 2
cbl_mariner 2
rubygems 6
redhat 2
rocky 1
ibm 2
openvas
openvas
openSUSE: Security Advisory for rubygem (SUSE-SU-2023:0444-1)
2024-03-04 00:00:00
Debian: Security Advisory (DSA-5372-1)
2023-03-14 00:00:00
openSUSE: Security Advisory for rubygem (SUSE-SU-2023:0275-1)
2024-03-04 00:00:00
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : rubygem-actionpack-5_1 (SUSE-SU-2023:0444-1)
2023-02-18 00:00:00
Debian DSA-5372-1 : rails - security update
2023-03-14 00:00:00
SUSE SLES15 / openSUSE 15 Security Update : rubygem-activesupport-5_1 (SUSE-SU-2023:0275-1)
2023-02-07 00:00:00
debian
debian
[SECURITY] [DSA 5372-1] rails security update
2023-03-13 03:07:12
osv
osv
rails - security update
2023-03-13 00:00:00
ReDoS based DoS vulnerability in Action Dispatch
2023-01-18 18:23:34
CVE-2022-44566
2023-02-09 20:15:11
github
github
Open Redirect Vulnerability in Action Pack
2023-01-18 18:21:23
ReDoS based DoS vulnerability in Active Support's underscore
2023-01-18 18:23:20
ReDoS based DoS vulnerability in Action Dispatch
2023-01-18 18:23:34
cvelist
cvelist
CVE-2022-44566
2023-02-09 00:00:00
CVE-2023-22797
2023-02-09 00:00:00
CVE-2023-22792
2023-02-09 00:00:00
gitlab
gitlab
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
2023-01-18 00:00:00
Duplicate of ./gem/activesupport/CVE-2023-22796.yml
2023-01-18 00:00:00
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
2023-02-09 00:00:00
prion
prion
Open redirect
2023-02-09 20:15:00
Design/Logic Flaw
2023-02-09 20:15:00
Design/Logic Flaw
2023-02-09 20:15:00
ubuntucve
ubuntucve
CVE-2023-22797
2023-02-09 00:00:00
CVE-2023-22795
2023-02-09 00:00:00
CVE-2023-22796
2023-02-09 00:00:00
cve
cve
CVE-2023-22797
2023-02-09 20:15:11
CVE-2023-22795
2023-02-09 20:15:11
CVE-2023-22794
2023-02-09 20:15:11
veracode
veracode
Regular Expression Denial Of Service(ReDoS)
2023-01-25 02:05:18
Open Redirect
2023-01-19 02:38:52
SQL Injection
2023-01-25 04:39:20
alpinelinux
alpinelinux
CVE-2023-22795
2023-02-09 20:15:11
CVE-2023-22796
2023-02-09 20:15:11
debiancve
debiancve
CVE-2023-22797
2023-02-09 20:15:11
CVE-2023-22794
2023-02-09 20:15:11
CVE-2023-22795
2023-02-09 20:15:11
redhatcve
redhatcve
CVE-2023-22797
2023-01-26 14:35:55
CVE-2023-22794
2023-01-26 14:05:25
CVE-2023-22792
2023-01-26 14:35:35
hackerone
hackerone
Internet Bug Bounty: Open Redirect Vulnerability in Action Pack
2023-02-07 23:03:04
Internet Bug Bounty: [CVE-2023-22796] Possible ReDoS based DoS vulnerability in Active Support’s underscore
2023-06-04 07:58:08
cbl_mariner
cbl_mariner
CVE-2023-22795 affecting package ruby for versions less than 3.1.4-1
2023-05-25 09:38:10
CVE-2023-22795 affecting package ruby 2.6.10-1
2024-05-13 09:06:56
rubygems
rubygems
Open Redirect Vulnerability in Action Pack
2023-01-17 21:00:00
Denial of Service Vulnerability in ActiveRecord’s PostgreSQL adapter
2023-01-17 21:00:00
SQL Injection Vulnerability via ActiveRecord comments
2023-01-17 21:00:00
redhat
redhat
(RHSA-2023:4341) Moderate: Logging Subsystem 5.7.4 - Red Hat OpenShift bug fix and security update
2023-08-02 13:47:42
(RHSA-2023:6818) Important: Satellite 6.14 security and bug fix update
2023-11-08 14:10:25
rocky
rocky
Satellite 6.14 security and bug fix update
2023-11-11 22:58:57
ibm
ibm
Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOPs
2023-03-30 15:19:31
Security Bulletin: Netcool Operations Insights 1.6.9 addresses multiple security vulnerabilities.
2023-07-18 13:09:31
JSON
Related for FEDORA_2023-F60CCA0686.NASL
openvas3nessus6debian1osv12github6cvelist6gitlab5prion6ubuntucve6cve6veracode6alpinelinux2debiancve6redhatcve6hackerone2cbl_mariner2rubygems6redhat2rocky1ibm2