osbuild-composer < 94 Race Condition

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(192468);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/03/25");

  script_cve_id("CVE-2024-2307");
  script_xref(name:"IAVB", value:"2024-B-0026");

  script_name(english:"osbuild-composer < 94 Race Condition");

  script_set_attribute(attribute:"synopsis", value:
"The version of osbuild-composer installed on the remote host may be vulnerable to a man-in-the middle attack due to a race condition.");
  script_set_attribute(attribute:"description", value:
"The version of osbuild-composer installed on the remote host is prior to 94. It may, therefore, be affected by a race
condition. A condition can be triggered that disables GPG verification for package repositories, which can expose the
build phase to a Man-in-the-Middle attack, allowing untrusted code to be installed into an image being built.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2024-2307");
  script_set_attribute(attribute:"solution", value:
"Upgrade to osbuild-composer to version 94 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:L/AC:M/Au:S/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-2307");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/11/15");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/03/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/03/22");

  script_set_attribute(attribute:"potential_vulnerability", value:"true");
  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"x-cpe:/a:osbuild:osbuild-composer");
  script_set_attribute(attribute:"stig_severity", value:"II");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Misc.");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("unix_enum_sw.nasl");
  script_require_keys("Host/nix/packages", "Settings/ParanoidReport");

  exit(0);
}

include('local_detection_nix.inc');

# Fixes will be backported and this package is only installable via a package manager
# so all installs will be mananged. This plugin is to catch installs until vendor-specific
# advisories are released.
if (report_paranoia < 2)
  audit(AUDIT_PARANOID);

var app = 'osbuild_composer';
var packages = ldnix::search_packages([new('ldnix::pkg_target', 'osbuild-composer', '(osbuild-composer)-([0-9.]+)')]);

if (empty_or_null(packages))
  audit(AUDIT_NOT_INST, app);

var package = branch(packages);
if (ver_compare(ver:package.version, fix:'94', strict:FALSE) == -1)
{
  var report = '\n  Installed package : ' + package.path + '-' + package.version +
               '\n  Fixed version     : v94 or later';
  security_report_v4(port:0, extra:report, severity:SECURITY_WARNING);
}
else
  audit(AUDIT_INST_VER_NOT_VULN, app, package.version);