CVSS2: 6.8 Medium

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | MEDIUM |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | PARTIAL |
Vector | AV:N/AC:M/Au:N/C:P/I:P/A:P |

CVSS3: 8.1 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | HIGH |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |

AI Score: 8.1 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 58.4%)

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2616 advisory.
Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.
Security Fix(es):
* tendrl-api: Improper cleanup of session token can allow attackers to hijack user sessions (CVE-2018-1127)
For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.
This issue was discovered by Filip Balk (Red Hat).
Additional Changes:
These updated Red Hat Gluster Storage Web Administration packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Gluster Storage 3.4 Release Notes for information on the most significant of these changes:
https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/3.4/html/3.4_release_notes/
All users of Red Hat Gluster Storage are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2018:2616. The text
# itself is copyright (C) Red Hat, Inc.
#
include('compat.inc');
if (description)
{
script_id(117322);
script_version("1.10");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");
script_cve_id("CVE-2018-1127");
script_xref(name:"RHSA", value:"2018:2616");
script_name(english:"RHEL 7 : RHGS WA (RHSA-2018:2616)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in
the RHSA-2018:2616 advisory.
Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides
deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster
Storage Web Administration provides a dashboard view which allows an administrator to get a view of
overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.
Security Fix(es):
* tendrl-api: Improper cleanup of session token can allow attackers to hijack user sessions
(CVE-2018-1127)
For more details about the security issue(s), including the impact, a CVSS score, and other related
information, refer to the CVE page(s) listed in the References section.
This issue was discovered by Filip Balk (Red Hat).
Additional Changes:
These updated Red Hat Gluster Storage Wed Administration packages include numerous bug fixes and
enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the
Red Hat Gluster Storage 3.4 Release Notes for information on the most significant of these changes:
https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/
3.4/html/3.4_release_notes/
All users of Red Hat Gluster Storage are advised to upgrade to these
updated packages, which provide numerous bug fixes and enhancements.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2018/rhsa-2018_2616.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4707a0a6");
# https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d6c2aef9");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2018:2616");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#low");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1502012");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1506123");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1511993");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1512091");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1512696");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1512937");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1513361");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1513993");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1514171");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1514442");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1515213");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1515252");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1515660");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1516135");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1516417");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1517077");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1517132");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1517215");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1517246");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1517270");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1517422");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1518276");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1518516");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1518525");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1518610");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1518678");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1518736");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1519158");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1519178");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1519188");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1519201");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1519218");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1519724");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1519750");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1520886");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1525376");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1526338");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1526375");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1531133");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1531139");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1536354");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1538248");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1542914");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1546957");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1549146");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1555455");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1558431");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559362");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559364");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559365");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559368");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559373");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559379");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559387");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559390");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559396");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559399");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559401");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559402");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559405");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559415");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559416");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559417");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559421");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559426");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559432");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559433");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559436");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559486");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559507");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559690");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559792");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1559901");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1560492");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1560879");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1561374");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1561428");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1561468");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1563519");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1563648");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1564107");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1564175");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1564423");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1564510");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1565479");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1565898");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1570048");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1570564");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1570616");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1571235");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1571244");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1571245");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1571280");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1571318");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1571325");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1571755");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1571809");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1572052");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1572090");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1572118");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1572151");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1572216");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1573079");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1573110");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1573481");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1573928");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1573950");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1574938");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1574942");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1575040");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1575835");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1575891");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1576794");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1576829");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1576848");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1578009");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1578329");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1578333");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1578885");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1579148");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1579150");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1579152");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1579516");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1579937");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1580385");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1580509");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1581212");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1581718");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1581736");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1581789");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1582465");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1583171");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1584095");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1584660");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1585116");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1585715");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1586074");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1588357");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1588440");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1588650");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1590405");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1592464");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1592487");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1592991");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1592992");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1593640");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1593852");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1593912");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1594762");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1594862");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1594899");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1594994");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1595005");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1595013");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1595015");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1595016");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1595052");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1595295");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1596655");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1596820");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1596862");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1597235");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1599634");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1599985");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1599987");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1600092");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1600113");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1603175");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1610266");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1611601");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1616208");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1616215");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-1127");
script_cwe_id(613);
script_set_attribute(attribute:"vendor_severity", value:"Low");
script_set_attribute(attribute:"vuln_publication_date", value:"2018/09/11");
script_set_attribute(attribute:"patch_publication_date", value:"2018/09/04");
script_set_attribute(attribute:"plugin_publication_date", value:"2018/09/06");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-flask");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-flask-doc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-itsdangerous");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tendrl-ansible");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tendrl-api");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tendrl-api-httpd");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tendrl-commons");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tendrl-gluster-integration");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tendrl-grafana-plugins");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tendrl-monitoring-integration");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tendrl-node-agent");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tendrl-notifier");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:tendrl-ui");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2018-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("redhat_repos.nasl", "ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/rhel/server/7/7Server/x86_64/rhgs-webadmin-agent/3.1/debug',
'content/dist/rhel/server/7/7Server/x86_64/rhgs-webadmin-agent/3.1/os',
'content/dist/rhel/server/7/7Server/x86_64/rhgs-webadmin-agent/3.1/source/SRPMS'
],
'pkgs': [
{'reference':'tendrl-gluster-integration-1.6.3-10.el7rhgs', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs'}
]
},
{
'repo_relative_urls': [
'content/dist/rhel/server/7/7Server/x86_64/rhgs-webadmin-agent/3.1/debug',
'content/dist/rhel/server/7/7Server/x86_64/rhgs-webadmin-agent/3.1/os',
'content/dist/rhel/server/7/7Server/x86_64/rhgs-webadmin-agent/3.1/source/SRPMS',
'content/dist/rhel/server/7/7Server/x86_64/rhgs-webadmin/3.1/debug',
'content/dist/rhel/server/7/7Server/x86_64/rhgs-webadmin/3.1/os',
'content/dist/rhel/server/7/7Server/x86_64/rhgs-webadmin/3.1/source/SRPMS'
],
'pkgs': [
{'reference':'tendrl-commons-1.6.3-12.el7rhgs', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs'},
{'reference':'tendrl-node-agent-1.6.3-10.el7rhgs', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs'}
]
},
{
'repo_relative_urls': [
'content/dist/rhel/server/7/7Server/x86_64/rhgs-webadmin/3.1/debug',
'content/dist/rhel/server/7/7Server/x86_64/rhgs-webadmin/3.1/os',
'content/dist/rhel/server/7/7Server/x86_64/rhgs-webadmin/3.1/source/SRPMS'
],
'pkgs': [
{'reference':'python-flask-0.10.1-5.el7rhgs', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'glusterfs'},
{'reference':'python-flask-doc-0.10.1-5.el7rhgs', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1', 'exists_check':'glusterfs'},
{'reference':'python-itsdangerous-0.23-2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs'},
{'reference':'tendrl-ansible-1.6.3-7.el7rhgs', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs'},
{'reference':'tendrl-api-1.6.3-5.el7rhgs', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs'},
{'reference':'tendrl-api-httpd-1.6.3-5.el7rhgs', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs'},
{'reference':'tendrl-grafana-plugins-1.6.3-11.el7rhgs', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs'},
{'reference':'tendrl-monitoring-integration-1.6.3-11.el7rhgs', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs'},
{'reference':'tendrl-notifier-1.6.3-4.el7rhgs', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs'},
{'reference':'tendrl-ui-1.6.3-11.el7rhgs', 'release':'7', 'el_string':'el7rhgs', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'glusterfs'}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python-flask / python-flask-doc / python-itsdangerous / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | tendrl-api-httpd | p-cpe:/a:redhat:enterprise_linux:tendrl-api-httpd |
redhat | enterprise_linux | tendrl-monitoring-integration | p-cpe:/a:redhat:enterprise_linux:tendrl-monitoring-integration |
redhat | enterprise_linux | tendrl-grafana-plugins | p-cpe:/a:redhat:enterprise_linux:tendrl-grafana-plugins |
redhat | enterprise_linux | 7 | cpe:/o:redhat:enterprise_linux:7 |
redhat | enterprise_linux | tendrl-ui | p-cpe:/a:redhat:enterprise_linux:tendrl-ui |
redhat | enterprise_linux | tendrl-api | p-cpe:/a:redhat:enterprise_linux:tendrl-api |
redhat | enterprise_linux | tendrl-commons | p-cpe:/a:redhat:enterprise_linux:tendrl-commons |
redhat | enterprise_linux | tendrl-ansible | p-cpe:/a:redhat:enterprise_linux:tendrl-ansible |
redhat | enterprise_linux | python-flask | p-cpe:/a:redhat:enterprise_linux:python-flask |
redhat | enterprise_linux | python-itsdangerous | p-cpe:/a:redhat:enterprise_linux:python-itsdangerous |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-1127
www.nessus.org/u?4707a0a6
www.nessus.org/u?d6c2aef9
access.redhat.com/errata/RHSA-2018:2616
access.redhat.com/security/updates/classification/#low
bugzilla.redhat.com/show_bug.cgi?id=1502012
bugzilla.redhat.com/show_bug.cgi?id=1506123
bugzilla.redhat.com/show_bug.cgi?id=1511993
bugzilla.redhat.com/show_bug.cgi?id=1512091
bugzilla.redhat.com/show_bug.cgi?id=1512696
bugzilla.redhat.com/show_bug.cgi?id=1512937
bugzilla.redhat.com/show_bug.cgi?id=1513361
bugzilla.redhat.com/show_bug.cgi?id=1513993
bugzilla.redhat.com/show_bug.cgi?id=1514171
bugzilla.redhat.com/show_bug.cgi?id=1514442
bugzilla.redhat.com/show_bug.cgi?id=1515213
bugzilla.redhat.com/show_bug.cgi?id=1515252
bugzilla.redhat.com/show_bug.cgi?id=1515660
bugzilla.redhat.com/show_bug.cgi?id=1516135
bugzilla.redhat.com/show_bug.cgi?id=1516417
bugzilla.redhat.com/show_bug.cgi?id=1517077
bugzilla.redhat.com/show_bug.cgi?id=1517132
bugzilla.redhat.com/show_bug.cgi?id=1517215
bugzilla.redhat.com/show_bug.cgi?id=1517246
bugzilla.redhat.com/show_bug.cgi?id=1517270
bugzilla.redhat.com/show_bug.cgi?id=1517422
bugzilla.redhat.com/show_bug.cgi?id=1518276
bugzilla.redhat.com/show_bug.cgi?id=1518516
bugzilla.redhat.com/show_bug.cgi?id=1518525
bugzilla.redhat.com/show_bug.cgi?id=1518610
bugzilla.redhat.com/show_bug.cgi?id=1518678
bugzilla.redhat.com/show_bug.cgi?id=1518736
bugzilla.redhat.com/show_bug.cgi?id=1519158
bugzilla.redhat.com/show_bug.cgi?id=1519178
bugzilla.redhat.com/show_bug.cgi?id=1519188
bugzilla.redhat.com/show_bug.cgi?id=1519201
bugzilla.redhat.com/show_bug.cgi?id=1519218
bugzilla.redhat.com/show_bug.cgi?id=1519724
bugzilla.redhat.com/show_bug.cgi?id=1519750
bugzilla.redhat.com/show_bug.cgi?id=1520886
bugzilla.redhat.com/show_bug.cgi?id=1525376
bugzilla.redhat.com/show_bug.cgi?id=1526338
bugzilla.redhat.com/show_bug.cgi?id=1526375
bugzilla.redhat.com/show_bug.cgi?id=1531133
bugzilla.redhat.com/show_bug.cgi?id=1531139
bugzilla.redhat.com/show_bug.cgi?id=1536354
bugzilla.redhat.com/show_bug.cgi?id=1538248
bugzilla.redhat.com/show_bug.cgi?id=1542914
bugzilla.redhat.com/show_bug.cgi?id=1546957
bugzilla.redhat.com/show_bug.cgi?id=1549146
bugzilla.redhat.com/show_bug.cgi?id=1555455
bugzilla.redhat.com/show_bug.cgi?id=1558431
bugzilla.redhat.com/show_bug.cgi?id=1559362
bugzilla.redhat.com/show_bug.cgi?id=1559364
bugzilla.redhat.com/show_bug.cgi?id=1559365
bugzilla.redhat.com/show_bug.cgi?id=1559368
bugzilla.redhat.com/show_bug.cgi?id=1559373
bugzilla.redhat.com/show_bug.cgi?id=1559379
bugzilla.redhat.com/show_bug.cgi?id=1559387
bugzilla.redhat.com/show_bug.cgi?id=1559390
bugzilla.redhat.com/show_bug.cgi?id=1559396
bugzilla.redhat.com/show_bug.cgi?id=1559399
bugzilla.redhat.com/show_bug.cgi?id=1559401
bugzilla.redhat.com/show_bug.cgi?id=1559402
bugzilla.redhat.com/show_bug.cgi?id=1559405
bugzilla.redhat.com/show_bug.cgi?id=1559415
bugzilla.redhat.com/show_bug.cgi?id=1559416
bugzilla.redhat.com/show_bug.cgi?id=1559417
bugzilla.redhat.com/show_bug.cgi?id=1559421
bugzilla.redhat.com/show_bug.cgi?id=1559426
bugzilla.redhat.com/show_bug.cgi?id=1559432
bugzilla.redhat.com/show_bug.cgi?id=1559433
bugzilla.redhat.com/show_bug.cgi?id=1559436
bugzilla.redhat.com/show_bug.cgi?id=1559486
bugzilla.redhat.com/show_bug.cgi?id=1559507
bugzilla.redhat.com/show_bug.cgi?id=1559690
bugzilla.redhat.com/show_bug.cgi?id=1559792
bugzilla.redhat.com/show_bug.cgi?id=1559901
bugzilla.redhat.com/show_bug.cgi?id=1560492
bugzilla.redhat.com/show_bug.cgi?id=1560879
bugzilla.redhat.com/show_bug.cgi?id=1561374
bugzilla.redhat.com/show_bug.cgi?id=1561428
bugzilla.redhat.com/show_bug.cgi?id=1561468
bugzilla.redhat.com/show_bug.cgi?id=1563519
bugzilla.redhat.com/show_bug.cgi?id=1563648
bugzilla.redhat.com/show_bug.cgi?id=1564107
bugzilla.redhat.com/show_bug.cgi?id=1564175
bugzilla.redhat.com/show_bug.cgi?id=1564423
bugzilla.redhat.com/show_bug.cgi?id=1564510
bugzilla.redhat.com/show_bug.cgi?id=1565479
bugzilla.redhat.com/show_bug.cgi?id=1565898
bugzilla.redhat.com/show_bug.cgi?id=1570048
bugzilla.redhat.com/show_bug.cgi?id=1570564
bugzilla.redhat.com/show_bug.cgi?id=1570616
bugzilla.redhat.com/show_bug.cgi?id=1571235
bugzilla.redhat.com/show_bug.cgi?id=1571244
bugzilla.redhat.com/show_bug.cgi?id=1571245
bugzilla.redhat.com/show_bug.cgi?id=1571280
bugzilla.redhat.com/show_bug.cgi?id=1571318
bugzilla.redhat.com/show_bug.cgi?id=1571325
bugzilla.redhat.com/show_bug.cgi?id=1571755
bugzilla.redhat.com/show_bug.cgi?id=1571809
bugzilla.redhat.com/show_bug.cgi?id=1572052
bugzilla.redhat.com/show_bug.cgi?id=1572090
bugzilla.redhat.com/show_bug.cgi?id=1572118
bugzilla.redhat.com/show_bug.cgi?id=1572151
bugzilla.redhat.com/show_bug.cgi?id=1572216
bugzilla.redhat.com/show_bug.cgi?id=1573079
bugzilla.redhat.com/show_bug.cgi?id=1573110
bugzilla.redhat.com/show_bug.cgi?id=1573481
bugzilla.redhat.com/show_bug.cgi?id=1573928
bugzilla.redhat.com/show_bug.cgi?id=1573950
bugzilla.redhat.com/show_bug.cgi?id=1574938
bugzilla.redhat.com/show_bug.cgi?id=1574942
bugzilla.redhat.com/show_bug.cgi?id=1575040
bugzilla.redhat.com/show_bug.cgi?id=1575835
bugzilla.redhat.com/show_bug.cgi?id=1575891
bugzilla.redhat.com/show_bug.cgi?id=1576794
bugzilla.redhat.com/show_bug.cgi?id=1576829
bugzilla.redhat.com/show_bug.cgi?id=1576848
bugzilla.redhat.com/show_bug.cgi?id=1578009
bugzilla.redhat.com/show_bug.cgi?id=1578329
bugzilla.redhat.com/show_bug.cgi?id=1578333
bugzilla.redhat.com/show_bug.cgi?id=1578885
bugzilla.redhat.com/show_bug.cgi?id=1579148
bugzilla.redhat.com/show_bug.cgi?id=1579150
bugzilla.redhat.com/show_bug.cgi?id=1579152
bugzilla.redhat.com/show_bug.cgi?id=1579516
bugzilla.redhat.com/show_bug.cgi?id=1579937
bugzilla.redhat.com/show_bug.cgi?id=1580385
bugzilla.redhat.com/show_bug.cgi?id=1580509
bugzilla.redhat.com/show_bug.cgi?id=1581212
bugzilla.redhat.com/show_bug.cgi?id=1581718
bugzilla.redhat.com/show_bug.cgi?id=1581736
bugzilla.redhat.com/show_bug.cgi?id=1581789
bugzilla.redhat.com/show_bug.cgi?id=1582465
bugzilla.redhat.com/show_bug.cgi?id=1583171
bugzilla.redhat.com/show_bug.cgi?id=1584095
bugzilla.redhat.com/show_bug.cgi?id=1584660
bugzilla.redhat.com/show_bug.cgi?id=1585116
bugzilla.redhat.com/show_bug.cgi?id=1585715
bugzilla.redhat.com/show_bug.cgi?id=1586074
bugzilla.redhat.com/show_bug.cgi?id=1588357
bugzilla.redhat.com/show_bug.cgi?id=1588440
bugzilla.redhat.com/show_bug.cgi?id=1588650
bugzilla.redhat.com/show_bug.cgi?id=1590405
bugzilla.redhat.com/show_bug.cgi?id=1592464
bugzilla.redhat.com/show_bug.cgi?id=1592487
bugzilla.redhat.com/show_bug.cgi?id=1592991
bugzilla.redhat.com/show_bug.cgi?id=1592992
bugzilla.redhat.com/show_bug.cgi?id=1593640
bugzilla.redhat.com/show_bug.cgi?id=1593852
bugzilla.redhat.com/show_bug.cgi?id=1593912
bugzilla.redhat.com/show_bug.cgi?id=1594762
bugzilla.redhat.com/show_bug.cgi?id=1594862
bugzilla.redhat.com/show_bug.cgi?id=1594899
bugzilla.redhat.com/show_bug.cgi?id=1594994
bugzilla.redhat.com/show_bug.cgi?id=1595005
bugzilla.redhat.com/show_bug.cgi?id=1595013
bugzilla.redhat.com/show_bug.cgi?id=1595015
bugzilla.redhat.com/show_bug.cgi?id=1595016
bugzilla.redhat.com/show_bug.cgi?id=1595052
bugzilla.redhat.com/show_bug.cgi?id=1595295
bugzilla.redhat.com/show_bug.cgi?id=1596655
bugzilla.redhat.com/show_bug.cgi?id=1596820
bugzilla.redhat.com/show_bug.cgi?id=1596862
bugzilla.redhat.com/show_bug.cgi?id=1597235
bugzilla.redhat.com/show_bug.cgi?id=1599634
bugzilla.redhat.com/show_bug.cgi?id=1599985
bugzilla.redhat.com/show_bug.cgi?id=1599987
bugzilla.redhat.com/show_bug.cgi?id=1600092
bugzilla.redhat.com/show_bug.cgi?id=1600113
bugzilla.redhat.com/show_bug.cgi?id=1603175
bugzilla.redhat.com/show_bug.cgi?id=1610266
bugzilla.redhat.com/show_bug.cgi?id=1611601
bugzilla.redhat.com/show_bug.cgi?id=1616208
bugzilla.redhat.com/show_bug.cgi?id=1616215