Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2024-9ED24C98CD.NASL
HistoryJun 19, 2024 - 12:00 a.m.

Fedora 40 : composer (2024-9ed24c98cd)

2024-06-1900:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
1
fedora 40
vulnerabilities
fedora-2024-9ed24c98cd
package
version 2.7.7
security
command injection
cve-2024-35241
cve-2024-35242
psr violations
ux
platform requirements
url formats
filesystem
perforce
zip bombs
windows command
autoload keys
git clone errors
regression
color bleed

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-9ed24c98cd advisory.

**Version 2.7.7** 2024-06-10

  * Security: Fixed command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c /
**CVE-2024-35241**)
  * Security: Fixed multiple command injections via malicious git/hg branch names (GHSA-v9qv-c7wm-wgmf /
**CVE-2024-35242**)
  * Fixed PSR violations for classes not matching the namespace of a rule being hidden, this may lead to     new violations being shown (#11957)
  * Fixed UX when a plugin is still in vendor dir but is not required nor allowed anymore after changing     branches (#12000)
  * Fixed new platform requirements from composer.json not being checked if the lock file is outdated     (#12001)
  * Fixed secure-http checks that could be bypassed by using malformed URL formats (fa3b9582c)
  * Fixed Filesystem::isLocalPath including windows-specific checks on linux (3c37a67c)
  * Fixed perforce argument escaping (3773f775)
  * Fixed handling of zip bombs when extracting archives (de5f7e32)
  * Fixed Windows command parameter escaping to prevent abuse of unicode characters with best fit encoding     conversion (3130a7455, 04a63b324)
  * Fixed ability for `config` command to remove autoload keys (#11967)
  * Fixed empty `type` support in `init` command (#11999)
  * Fixed git clone errors when `safe.bareRepository` is set to `strict` in the git config (#11969)
  * Fixed regression showing network errors on PHP <8.1 (#11974)
  * Fixed some color bleed from a few warnings (#11972)

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2024-9ed24c98cd
#

include('compat.inc');

if (description)
{
  script_id(200747);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/19");

  script_cve_id("CVE-2024-35241", "CVE-2024-35242");
  script_xref(name:"FEDORA", value:"2024-9ed24c98cd");

  script_name(english:"Fedora 40 : composer (2024-9ed24c98cd)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2024-9ed24c98cd advisory.

    **Version 2.7.7** 2024-06-10

      * Security: Fixed command injection via malicious git branch name (GHSA-47f6-5gq3-vx9c /
    **CVE-2024-35241**)
      * Security: Fixed multiple command injections via malicious git/hg branch names (GHSA-v9qv-c7wm-wgmf /
    **CVE-2024-35242**)
      * Fixed PSR violations for classes not matching the namespace of a rule being hidden, this may lead to
    new violations being shown (#11957)
      * Fixed UX when a plugin is still in vendor dir but is not required nor allowed anymore after changing
    branches (#12000)
      * Fixed new platform requirements from composer.json not being checked if the lock file is outdated
    (#12001)
      * Fixed secure-http checks that could be bypassed by using malformed URL formats (fa3b9582c)
      * Fixed Filesystem::isLocalPath including windows-specific checks on linux (3c37a67c)
      * Fixed perforce argument escaping (3773f775)
      * Fixed handling of zip bombs when extracting archives (de5f7e32)
      * Fixed Windows command parameter escaping to prevent abuse of unicode characters with best fit encoding
    conversion (3130a7455, 04a63b324)
      * Fixed ability for `config` command to remove autoload keys (#11967)
      * Fixed empty `type` support in `init` command (#11999)
      * Fixed git clone errors when `safe.bareRepository` is set to `strict` in the git config (#11969)
      * Fixed regression showing network errors on PHP <8.1 (#11974)
      * Fixed some color bleed from a few warnings (#11972)





Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2024-9ed24c98cd");
  script_set_attribute(attribute:"solution", value:
"Update the affected composer package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-35242");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/06/10");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/06/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/19");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:40");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:composer");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Fedora Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^40([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 40', 'Fedora ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);

var pkgs = [
    {'reference':'composer-2.7.7-1.fc40', 'release':'FC40', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (reference && _release) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'composer');
}
VendorProductVersionCPE
fedoraprojectfedoracomposerp-cpe:/a:fedoraproject:fedora:composer
fedoraprojectfedora40cpe:/o:fedoraproject:fedora:40

Related

osv 10
openvas 3
nessus 6
fedora 2
freebsd 1
redos 1
wolfi 2
cve 2
nvd 2
debiancve 2
cvelist 2
alpinelinux 2
veracode 2
github 2
osv
osv
composer - security update
2024-06-19 00:00:00
composer - security update
2024-06-18 00:00:00
CGA-g75w-3gxm-gj8g
2024-06-12 08:05:28
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2024:2106-1)
2024-06-21 00:00:00
Fedora: Security Advisory for composer (FEDORA-2024-9ed24c98cd)
2024-06-20 00:00:00
Fedora: Security Advisory for composer (FEDORA-2024-bb55f8476a)
2024-06-21 00:00:00
nessus
nessus
SUSE SLES15 / openSUSE 15 Security Update : php-composer2 (SUSE-SU-2024:2107-1)
2024-06-21 00:00:00
Debian dsa-5715 : composer - security update
2024-06-18 00:00:00
Debian dla-3838 : composer - security update
2024-06-20 00:00:00
fedora
fedora
[SECURITY] Fedora 40 Update: composer-2.7.7-1.fc40
2024-06-20 01:51:55
[SECURITY] Fedora 39 Update: composer-2.7.7-1.fc39
2024-06-20 08:01:50
freebsd
freebsd
Composer -- Multiple command injections via malicious git/hg branch names
2024-06-10 00:00:00
redos
redos
ROS-20240626-10
2024-06-26 00:00:00
wolfi
wolfi
CVE-2024-35242 vulnerabilities
2024-06-27 09:08:32
CVE-2024-35241 vulnerabilities
2024-06-27 09:08:32
cve
cve
CVE-2024-35241
2024-06-10 22:15:09
CVE-2024-35242
2024-06-10 22:15:09
nvd
nvd
CVE-2024-35241
2024-06-10 22:15:09
CVE-2024-35242
2024-06-10 22:15:09
debiancve
debiancve
CVE-2024-35242
2024-06-10 22:15:09
CVE-2024-35241
2024-06-10 22:15:09
cvelist
cvelist
CVE-2024-35242 Composer vulnerable to command injection via malicious git/hg branch names
2024-06-10 21:23:44
CVE-2024-35241 Composer vulnerable to command injection via malicious git branch name
2024-06-10 21:19:47
alpinelinux
alpinelinux
CVE-2024-35241
2024-06-10 22:15:09
CVE-2024-35242
2024-06-10 22:15:09
veracode
veracode
Code Execution
2024-06-12 06:25:27
Command Injection
2024-06-12 07:14:42
github
github
Composer has a command injection via malicious git branch name
2024-06-10 21:36:32
Composer has multiple command injections via malicious git/hg branch names
2024-06-10 21:36:25

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

9.3 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.7%

JSON
Related for FEDORA_2024-9ED24C98CD.NASL
osv10openvas3nessus6fedora2freebsd1redos1wolfi2cve2nvd2debiancve2cvelist2alpinelinux2veracode2github2