This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.FEDORA_2024-A1246372A4.NASLFedora 40 : webkit2gtk4.0 (2024-a1246372a4)
7.8 High
AI Score
Confidence
High
The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-a1246372a4 advisory.
-
An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a malicious website may lead to address bar spoofing. (CVE-2023-42843)
-
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2023-42950)
-
The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. (CVE-2023-42956)
-
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
(CVE-2024-23252) -
The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate audio data cross-origin. (CVE-2024-23254)
-
A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4.
Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
(CVE-2024-23263) -
An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able to fingerprint the user. (CVE-2024-23280)
-
A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4.
Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
(CVE-2024-23284)
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory FEDORA-2024-a1246372a4
#
include('compat.inc');
if (description)
{
script_id(195109);
script_version("1.0");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/07");
script_cve_id(
"CVE-2023-42843",
"CVE-2023-42950",
"CVE-2023-42956",
"CVE-2024-23252",
"CVE-2024-23254",
"CVE-2024-23263",
"CVE-2024-23280",
"CVE-2024-23284"
);
script_xref(name:"FEDORA", value:"2024-a1246372a4");
script_name(english:"Fedora 40 : webkit2gtk4.0 (2024-a1246372a4)");
script_set_attribute(attribute:"synopsis", value:
"The remote Fedora host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the
FEDORA-2024-a1246372a4 advisory.
- An inconsistent user interface issue was addressed with improved state management. This issue is fixed in
iOS 16.7.2 and iPadOS 16.7.2, iOS 17.1 and iPadOS 17.1, Safari 17.1, macOS Sonoma 14.1. Visiting a
malicious website may lead to address bar spoofing. (CVE-2023-42843)
- A use after free issue was addressed with improved memory management. This issue is fixed in Safari 17.2,
iOS 17.2 and iPadOS 17.2, tvOS 17.2, watchOS 10.2, macOS Sonoma 14.2. Processing maliciously crafted web
content may lead to arbitrary code execution. (CVE-2023-42950)
- The issue was addressed with improved memory handling. This issue is fixed in Safari 17.2, iOS 17.2 and
iPadOS 17.2, macOS Sonoma 14.2. Processing web content may lead to a denial-of-service. (CVE-2023-42956)
- Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
(CVE-2024-23252)
- The issue was addressed with improved UI handling. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4,
visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, Safari 17.4. A malicious website may exfiltrate
audio data cross-origin. (CVE-2024-23254)
- A logic issue was addressed with improved validation. This issue is fixed in tvOS 17.4, macOS Sonoma 14.4,
visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4.
Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
(CVE-2024-23263)
- An injection issue was addressed with improved validation. This issue is fixed in Safari 17.4, macOS
Sonoma 14.4, iOS 17.4 and iPadOS 17.4, watchOS 10.4, tvOS 17.4. A maliciously crafted webpage may be able
to fingerprint the user. (CVE-2024-23280)
- A logic issue was addressed with improved state management. This issue is fixed in tvOS 17.4, macOS Sonoma
14.4, visionOS 1.1, iOS 17.4 and iPadOS 17.4, watchOS 10.4, iOS 16.7.6 and iPadOS 16.7.6, Safari 17.4.
Processing maliciously crafted web content may prevent Content Security Policy from being enforced.
(CVE-2024-23284)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://bodhi.fedoraproject.org/updates/FEDORA-2024-a1246372a4");
script_set_attribute(attribute:"solution", value:
"Update the affected webkit2gtk4.0 package.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2023-42950");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2024/01/19");
script_set_attribute(attribute:"patch_publication_date", value:"2024/04/28");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/07");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:40");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:webkit2gtk4.0");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Fedora Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
exit(0);
}
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Fedora' >!< os_release) audit(AUDIT_OS_NOT, 'Fedora');
var os_ver = pregmatch(pattern: "Fedora.*release ([0-9]+)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Fedora');
os_ver = os_ver[1];
if (! preg(pattern:"^40([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Fedora 40', 'Fedora ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Fedora', cpu);
var pkgs = [
{'reference':'webkit2gtk4.0-2.44.1-1.fc40', 'release':'FC40', 'rpm_spec_vers_cmp':TRUE}
];
var flag = 0;
foreach package_array ( pkgs ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && _release) {
if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : rpm_report_get()
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'webkit2gtk4.0');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| fedoraproject | fedora | webkit2gtk4.0 | p-cpe:/a:fedoraproject:fedora:webkit2gtk4.0 |
| fedoraproject | fedora | 40 | cpe:/o:fedoraproject:fedora:40 |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42843
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42950
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-42956
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23252
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23254
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23263
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23280
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23284
bodhi.fedoraproject.org/updates/FEDORA-2024-a1246372a4
Related
