OpenTelemetry Collector < 0.108.0 Authentication Bypass

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(206657);
  script_version("1.3");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/09/06");

  script_cve_id("CVE-2024-45043");
  script_xref(name:"IAVB", value:"2024-B-0130");

  script_name(english:"OpenTelemetry Collector < 0.108.0 Authentication Bypass");

  script_set_attribute(attribute:"synopsis", value:
"An installed application on the remote host is affected by an authentication bypass vulnerability.");
  script_set_attribute(attribute:"description", value:
"The OpenTelemetry Collector running on the remote host is prior to 0.108.0. It is, therefore, affected by a timing 
discrepancy vulnerability, outlined below:

OpenTelemetry Collector module awsfirehosereceiver allows unauthenticated remote requests, even when configured to 
require a key.

OpenTelemetry Collector can be configured to receive CloudWatch metrics via an AWS Firehose Stream. Firehose 
sets the header X-Amz-Firehose-Access-Key with an arbitrary configured string. The OpenTelemetry Collector 
awsfirehosereceiver can optionally be configured to require this key on incoming requests. However, when this is 
configured it still accepts incoming requests with no key.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://github.com/open-telemetry/opentelemetry-collector-contrib/security/advisories/GHSA-prf6-xjxh-p698
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?29b38fb6");
  script_set_attribute(attribute:"solution", value:
"Upgrade to OpenTelemetry Collector 0.108.0 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-45043");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/08/28");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/08/28");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/09/05");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:opentelemetry:collector");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("opentelemetry_nix_installed.nbin");
  script_require_keys("installed_sw/OpenTelemetry Collector");

  exit(0);
}

include('vcf.inc');

var app_info = vcf::get_app_info(app:'OpenTelemetry Collector');

var constraints = [
  {'min_version' : '0.49.0', 'fixed_version': '0.108.0'}
];

vcf::check_version_and_report(
  app_info:app_info,
  constraints:constraints,
  severity:SECURITY_WARNING
);