Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2024-22F1E313DD.NASL
HistoryMar 30, 2024 - 12:00 a.m.

Fedora 39 : podman-tui (2024-22f1e313dd)

2024-03-3000:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
11
fedora 39
podman-tui
json web encryption
vulnerability
cve-2024-28176
cpu time
memory
nessus scanner

6.6 Medium

AI Score

Confidence

Low

JSON

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-22f1e313dd advisory.

  • jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS), and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces, specifically related to the support for decompressing plaintext after its decryption. Under certain conditions it is possible to have the user’s environment consume unreasonable amount of CPU time or memory during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.
    (CVE-2024-28176)

  • Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of standards. An attacker could send a JWE containing compressed data that used large amounts of memory and CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been patched in versions 4.0.1, 3.0.3 and 2.6.3. (CVE-2024-28180)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2024-22f1e313dd
#

include('compat.inc');

if (description)
{
  script_id(192716);
  script_version("1.0");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/30");

  script_cve_id("CVE-2024-28176", "CVE-2024-28180");
  script_xref(name:"FEDORA", value:"2024-22f1e313dd");

  script_name(english:"Fedora 39 : podman-tui (2024-22f1e313dd)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2024-22f1e313dd advisory.

  - jose is JavaScript module for JSON Object Signing and Encryption, providing support for JSON Web Tokens
    (JWT), JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), JSON Web Key Set (JWKS),
    and more. A vulnerability has been identified in the JSON Web Encryption (JWE) decryption interfaces,
    specifically related to the support for decompressing plaintext after its decryption. Under certain
    conditions it is possible to have the user's environment consume unreasonable amount of CPU time or memory
    during JWE Decryption operations. This issue has been patched in versions 2.0.7 and 4.15.5.
    (CVE-2024-28176)

  - Package jose aims to provide an implementation of the Javascript Object Signing and Encryption set of
    standards. An attacker could send a JWE containing compressed data that used large amounts of memory and
    CPU when decompressed by Decrypt or DecryptMulti. Those functions now return an error if the decompressed
    data would exceed 250kB or 10x the compressed size (whichever is larger). This vulnerability has been
    patched in versions 4.0.1, 3.0.3 and 2.6.3. (CVE-2024-28180)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2024-22f1e313dd");
  script_set_attribute(attribute:"solution", value:
"Update the affected podman-tui package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-28176");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/03/07");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/03/21");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/30");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:39");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:podman-tui");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^39([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 39', 'Fedora ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var pkgs = [
    {'reference':'podman-tui-1.0.0-1.fc39', 'release':'FC39', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && _release) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'podman-tui');
}
VendorProductVersionCPE
fedoraprojectfedora39cpe:/o:fedoraproject:fedora:39
fedoraprojectfedorapodman-tuip-cpe:/a:fedoraproject:fedora:podman-tui

Related

fedora 8
nessus 31
openvas 8
redhat 28
cvelist 2
osv 7
cve 2
cbl_mariner 2
github 2
redhatcve 2
veracode 2
prion 2
cgr 2
wolfi 2
ubuntucve 2
ibm 3
debiancve 1
alpinelinux 1
oraclelinux 1
rocky 1
fedora
fedora
[SECURITY] Fedora 40 Update: apptainer-1.3.0-1.fc40
2024-03-23 00:52:04
[SECURITY] Fedora 39 Update: apptainer-1.3.0-1.fc39
2024-03-22 01:16:30
[SECURITY] Fedora 40 Update: podman-tui-1.0.0-1.fc40
2024-03-29 04:11:18
nessus
nessus
Fedora 40 : apptainer (2024-560a7aca85)
2024-04-29 00:00:00
Fedora 40 : podman-tui (2024-831bad8f8f)
2024-04-29 00:00:00
Fedora 39 : apptainer (2024-453ee0b3b9)
2024-03-22 00:00:00
openvas
openvas
Fedora: Security Advisory for podman-tui (FEDORA-2024-831bad8f8f)
2024-04-03 00:00:00
Fedora: Security Advisory for apptainer (FEDORA-2024-453ee0b3b9)
2024-03-25 00:00:00
Fedora: Security Advisory for podman-tui (FEDORA-2024-529fe8a802)
2024-04-03 00:00:00
redhat
redhat
(RHSA-2024:2054) Moderate: OpenShift Container Platform 4.14.23 security update
2024-05-02 15:32:09
(RHSA-2024:2776) Moderate: OpenShift Container Platform 4.15.13 packages and security update
2024-05-15 18:46:30
(RHSA-2024:2071) Moderate: OpenShift Container Platform 4.15.11 packages and security update
2024-05-02 14:31:32
cvelist
cvelist
CVE-2024-28180 Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
2024-03-09 00:54:46
CVE-2024-28176 jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext
2024-03-09 00:43:06
osv
osv
CVE-2024-28180
2024-03-09 01:15:07
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
2024-03-07 22:54:44
CVE-2024-28176
2024-03-09 01:15:07
cve
cve
CVE-2024-28180
2024-03-09 01:15:07
CVE-2024-28176
2024-03-09 01:15:07
cbl_mariner
cbl_mariner
CVE-2024-28180 affecting package keda for versions less than 2.14.0-1
2024-05-17 21:38:35
CVE-2024-28180 affecting package cri-o for versions less than 1.21.7-2
2024-04-30 01:31:53
github
github
Go JOSE vulnerable to Improper Handling of Highly Compressed Data (Data Amplification)
2024-03-07 22:54:44
jose vulnerable to resource exhaustion via specifically crafted JWE with compressed plaintext
2024-03-07 17:40:57
redhatcve
redhatcve
CVE-2024-28176
2024-03-10 20:07:12
CVE-2024-28180
2024-03-10 20:42:26
veracode
veracode
Denial Of Service (DoS)
2024-03-08 07:28:34
Data Amplification
2024-03-08 10:52:31
prion
prion
Code injection
2024-03-09 01:15:00
Code injection
2024-03-09 01:15:00
cgr
cgr
CVE-2024-28176 vulnerabilities
2024-05-19 03:07:16
CVE-2024-28180 vulnerabilities
2024-05-19 03:07:16
wolfi
wolfi
CVE-2024-28176 vulnerabilities
2024-05-29 03:07:31
CVE-2024-28180 vulnerabilities
2024-05-29 03:07:31
ubuntucve
ubuntucve
CVE-2024-28176
2024-03-09 00:00:00
CVE-2024-28180
2024-03-09 00:00:00
ibm
ibm
Security Bulletin: IBM Event Streams is vulnerable to a denial of service attack (CVE-2024-28176).
2024-04-25 05:16:26
Security Bulletin: IBM App Connect Enterprise is vulnerable to a denial of service and remote attack due to node.js jose module and jsonata-js JSONata (CVE-2024-28176, CVE-2024-27307)
2024-04-16 15:42:23
Security Bulletin: IBM Planning Analytics Local - Planning Analytics Workspace is affected by vulnerabilities in multiple Open Source Software (OSS) components
2024-05-07 19:21:55
debiancve
debiancve
CVE-2024-28180
2024-03-09 01:15:07
alpinelinux
alpinelinux
CVE-2024-28180
2024-03-09 01:15:07
oraclelinux
oraclelinux
skopeo security and bug fix update
2024-05-07 00:00:00
rocky
rocky
skopeo security and bug fix update
2024-05-10 14:32:42

6.6 Medium

AI Score

Confidence

Low

JSON
Related for FEDORA_2024-22F1E313DD.NASL
fedora8nessus31openvas8redhat28cvelist2osv7cve2cbl_mariner2github2redhatcve2veracode2prion2cgr2wolfi2ubuntucve2ibm3debiancve1alpinelinux1oraclelinux1rocky1