OpenTelemetry Collector < 0.107.0 Timing Discrepancy

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(205617);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/06");

  script_cve_id("CVE-2024-42368");
  script_xref(name:"IAVA", value:"2024-B-0116-S");

  script_name(english:"OpenTelemetry Collector < 0.107.0 Timing Discrepancy");

  script_set_attribute(attribute:"synopsis", value:
"An installed application on the remote host is affected by a timing discrepancy vulnerability.");
  script_set_attribute(attribute:"description", value:
"The OpenTelemetry Collector running on the remote host is prior to 0.107.0. It is, therefore, affected by a timing 
discrepancy vulnerability, outlined below:

The bearertokenauth extension's server authenticator performs a simple, non-constant time string comparison of 
the received & configured bearer tokens. This impacts anyone using the `bearertokenauth` server authenticator. 
Malicious clients with network access to the collector may perform a timing attack against a collector with this
authenticator to guess the configured token, by iteratively sending tokens and comparing the response time. This would 
allow an attacker to introduce fabricated or bad data into the collector's telemetry pipeline.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://github.com/open-telemetry/opentelemetry-collector-contrib/security/advisories/GHSA-rfxf-mf63-cpqv
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?12eb51ff");
  script_set_attribute(attribute:"solution", value:
"Upgrade to OpenTelemetry Collector 0.107.0 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-42368");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/08/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/08/13");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/08/15");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:opentelemetry:collector");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("opentelemetry_nix_installed.nbin");
  script_require_keys("installed_sw/OpenTelemetry Collector");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'OpenTelemetry Collector');

var constraints = [
  {'min_version' : '0.80.0', 'fixed_version': '0.107.0'}
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_WARNING
);