ID REDHAT-RHSA-2020-4134.NASL Type nessus Reporter This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2020-09-30T00:00:00
Description
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in
the RHSA-2020:4134 advisory.
CloudForms: Cross Site Request Forgery in API notifications (CVE-2020-14369)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2020:4134. The text
# itself is copyright (C) Red Hat, Inc.
#
include('compat.inc');
if (description)
{
script_id(141086);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2020/09/30");
script_cve_id("CVE-2020-14369");
script_xref(name:"RHSA", value:"2020:4134");
script_name(english:"RHEL 8 : CloudForms 5.0.8 (RHSA-2020:4134)");
script_summary(english:"Checks the rpm output for the updated package");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing a security update.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in
the RHSA-2020:4134 advisory.
- CloudForms: Cross Site Request Forgery in API notifications (CVE-2020-14369)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://cwe.mitre.org/data/definitions/352.html");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/cve/CVE-2020-14369");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2020:4134");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/1871921");
script_set_attribute(attribute:"solution", value:
"Update the affected cfme-gemset package.");
script_set_attribute(attribute:"risk_factor", value:"Medium");
script_cwe_id(352);
script_set_attribute(attribute:"vuln_publication_date", value:"2020/09/30");
script_set_attribute(attribute:"patch_publication_date", value:"2020/09/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2020/09/30");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:cloudforms_managementengine:5.11");
script_set_attribute(attribute:"cpe", value:"cpe:/a:redhat:cloudforms_managementengine:5.11::el8");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:cfme-gemset");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('audit.inc');
include('global_settings.inc');
include('misc_func.inc');
include('rpm.inc');
include('lists.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item('Host/RedHat/release');
if (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');
os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
repositories = {
'cloudforms_managementengine_5_11_el8': [
'cfme-5.11-for-rhel-8-x86_64-debug-rpms',
'cfme-5.11-for-rhel-8-x86_64-rpms',
'cfme-5.11-for-rhel-8-x86_64-source-rpms'
]
};
found_repos = NULL;
host_repo_list = get_kb_list('Host/RedHat/repo-list/*');
if (!(empty_or_null(host_repo_list))) {
found_repos = make_list();
foreach repo_key (keys(repositories)) {
foreach repo ( repositories[repo_key] ) {
if (get_kb_item('Host/RedHat/repo-list/' + repo)) {
found_repos = make_list(found_repos, repo_key);
break;
}
}
}
if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:4134');
}
pkgs = [
{'reference':'cfme-gemset-5.11.8.1-1.el8cf', 'cpu':'x86_64', 'release':'8', 'el_string':'el8cf', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['cloudforms_managementengine_5_11_el8']}
];
flag = 0;
foreach package_array ( pkgs ) {
reference = NULL;
release = NULL;
sp = NULL;
cpu = NULL;
el_string = NULL;
rpm_spec_vers_cmp = NULL;
epoch = NULL;
allowmaj = NULL;
repo_list = NULL;
if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (reference && release) {
if (empty_or_null(found_repos) || (!empty_or_null(found_repos) && collib::intersection(found_repos, repo_list))) {
if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
}
}
}
if (flag)
{
if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get() + redhat_report_package_caveat();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
exit(0);
}
else
{
tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cfme-gemset');
}
{"id": "REDHAT-RHSA-2020-4134.NASL", "bulletinFamily": "scanner", "title": "RHEL 8 : CloudForms 5.0.8 (RHSA-2020:4134)", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2020:4134 advisory.\n\n - CloudForms: Cross Site Request Forgery in API notifications (CVE-2020-14369)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2020-09-30T00:00:00", "modified": "2020-09-30T00:00:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://www.tenable.com/plugins/nessus/141086", "reporter": "This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/CVE-2020-14369", "https://bugzilla.redhat.com/1871921", "https://access.redhat.com/errata/RHSA-2020:4134", "https://cwe.mitre.org/data/definitions/352.html"], "cvelist": ["CVE-2020-14369"], "type": "nessus", "lastseen": "2020-12-05T21:35:42", "edition": 2, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-14369"]}, {"type": "redhat", "idList": ["RHSA-2020:4134"]}], "modified": "2020-12-05T21:35:42", "rev": 2}, "score": {"value": 3.5, "vector": "NONE", "modified": "2020-12-05T21:35:42", "rev": 2}, "vulnersScore": 3.5}, "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:4134. The text\n# itself is copyright (C) Red Hat, Inc.\n#\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(141086);\n script_version(\"1.1\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/30\");\n\n script_cve_id(\"CVE-2020-14369\");\n script_xref(name:\"RHSA\", value:\"2020:4134\");\n\n script_name(english:\"RHEL 8 : CloudForms 5.0.8 (RHSA-2020:4134)\");\n script_summary(english:\"Checks the rpm output for the updated package\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2020:4134 advisory.\n\n - CloudForms: Cross Site Request Forgery in API notifications (CVE-2020-14369)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/352.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-14369\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:4134\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1871921\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected cfme-gemset package.\");\n script_set_attribute(attribute:\"risk_factor\", value:\"Medium\");\n script_cwe_id(352);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/30\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/30\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/30\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:cloudforms_managementengine:5.11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:cloudforms_managementengine:5.11::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cfme-gemset\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('lists.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'cloudforms_managementengine_5_11_el8': [\n 'cfme-5.11-for-rhel-8-x86_64-debug-rpms',\n 'cfme-5.11-for-rhel-8-x86_64-rpms',\n 'cfme-5.11-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n found_repos = make_list(found_repos, repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2020:4134');\n}\n\npkgs = [\n {'reference':'cfme-gemset-5.11.8.1-1.el8cf', 'cpu':'x86_64', 'release':'8', 'el_string':'el8cf', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['cloudforms_managementengine_5_11_el8']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (empty_or_null(found_repos) || (!empty_or_null(found_repos) && collib::intersection(found_repos, repo_list))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'cfme-gemset');\n}\n", "naslFamily": "Red Hat Local Security Checks", "pluginID": "141086", "cpe": ["p-cpe:/a:redhat:enterprise_linux:cfme-gemset", "cpe:/a:redhat:cloudforms_managementengine:5.11::el8", "cpe:/a:redhat:cloudforms_managementengine:5.11", "cpe:/o:redhat:enterprise_linux:8"], "cvss3": {}, "scheme": null}
{"cve": [{"lastseen": "2020-12-09T22:03:07", "description": "This release fixes a Cross Site Request Forgery vulnerability was found in Red Hat CloudForms which forces end users to execute unwanted actions on a web application in which the user is currently authenticated. An attacker can make a forgery HTTP request to the server by crafting custom flash file which can force the user to perform state changing requests like provisioning VMs, running ansible playbooks and so forth.", "edition": 3, "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "LOW", "integrityImpact": "LOW", "baseScore": 6.3, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 3.4}, "published": "2020-12-02T15:15:00", "title": "CVE-2020-14369", "type": "cve", "cwe": ["CWE-352"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 6.8, "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-14369"], "modified": "2020-12-04T21:12:00", "cpe": ["cpe:/a:redhat:cloudforms:5.11"], "id": "CVE-2020-14369", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-14369", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:redhat:cloudforms:5.11:*:*:*:*:*:*:*"]}], "redhat": [{"lastseen": "2020-12-05T11:37:08", "bulletinFamily": "unix", "cvelist": ["CVE-2020-14369"], "description": "Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.\n\nSecurity Fix(es):\n\n* cfme-gemset: CloudForms: Cross Site Request Forgery in API notifications (CVE-2020-14369)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nThis update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.", "modified": "2020-09-30T17:47:49", "published": "2020-09-30T17:45:43", "id": "RHSA-2020:4134", "href": "https://access.redhat.com/errata/RHSA-2020:4134", "type": "redhat", "title": "(RHSA-2020:4134) Moderate: CloudForms 5.0.8 security, bug fix and enhancement update", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}]}
