The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:1313 advisory.
- rubygem-rest-client: session fixation vulnerability via Set-Cookie headers present in HTTP 30x redirection responses (CVE-2015-1820)
- rubygem-rest-client: unsanitized application logging (CVE-2015-3448)
- foreman: Managing repositories with their id via hammer does not respect the role filters (CVE-2017-2662)
- rack-protection: Timing attack in authenticity_token.rb (CVE-2018-1000119)
- rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)
- python-psutil: double free because of refcount mishandling (CVE-2019-18874)
- netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)
- foreman: world-readable OMAPI secret through the ISC DHCP server (CVE-2020-14335)
- rubygem-activeview: Cross-site scripting in translation helpers (CVE-2020-15169)
- resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling (CVE-2020-25633)
- rubygem-activestorage: circumvention of file size limits in ActiveStorage (CVE-2020-8162)
- rubygem-actionpack: possible strong parameters bypass (CVE-2020-8164)
- rubygem-activesupport: potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore (CVE-2020-8165)
- rubygem-actionpack: ability to forge per-form CSRF tokens given a global CSRF token (CVE-2020-8166)
- rubygem-actionview: CSRF vulnerability in rails-ujs (CVE-2020-8167)
- rubygem-rails: untrusted users able to run pending migrations in production (CVE-2020-8185)
- django: potential SQL injection via tolerance parameter in GIS functions and aggregates on Oracle (CVE-2020-9402)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
{"redhat": [{"lastseen": "2021-10-19T20:39:24", "description": "Red Hat Satellite is a systems management tool for Linux-based\ninfrastructure. It allows for provisioning, remote management, and\nmonitoring of multiple Linux deployments with a single centralized tool.\n\nSecurity Fix(es):\n\n* foreman: Managing repositories with their id via hammer does not respect the role filters (CVE-2017-2662)\n* python-psutil: Double free because of refcount mishandling (CVE-2019-18874)\n* candlepin: netty: compression/decompression codecs don't enforce limits on buffer allocation sizes (CVE-2020-11612)\n* foreman: world-readable OMAPI secret through the ISC DHCP server (CVE-2020-14335)\n* candlepin: resteasy-client: potential sensitive information leakage in JAX-RS RESTEasy Client's WebApplicationException handling (CVE-2020-25633)\n* python-django: potential SQL injection via \"tolerance\" parameter in GIS functions and aggregates on Oracle (CVE-2020-9402)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nAdditional Changes:\n\n* Usability enhancements to Red Hat's Simple Content Access mode and Satellite\n\n* Usability improvements to enabling Remote Execution on your hosts.\n\n* Notifications in the UI to warn users when subscriptions are expiring.\n\n* Usability enhancements to enable Insights integration with Satellite.\n\n* Performance improvements to various aspects of the user interface and API.\n\n* Added support for OpenID Connect for authentication.\n\n* Usability improvements to the Satellite Installer.\n\n* Updated Ruby web server to the modern Puma application server which replaces Passenger.\n\nThe items above are not a complete list of changes. This update also fixes\nseveral bugs and adds various enhancements. 
Documentation for these changes\nis available from the Release Notes document linked to in the References\nsection.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2021-04-21T12:43:38", "type": "redhat", "title": "(RHSA-2021:1313) Moderate: Satellite 6.9 Release", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1820", "CVE-2015-3448", "CVE-2017-2662", "CVE-2018-1000119", "CVE-2019-16782", "CVE-2019-18874", "CVE-2020-11612", "CVE-2020-14335", "CVE-2020-15169", "CVE-2020-25633", "CVE-2020-8162", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167", "CVE-2020-8185", "CVE-2020-9402"], "modified": "2021-05-07T18:18:28", "id": "RHSA-2021:1313", "href": "https://access.redhat.com/errata/RHSA-2021:1313", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-19T20:37:30", "description": "Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. 
CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.\n\nSecurity Fix(es):\n\n* cfme-gemset: rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)\n\n* cfme-amazon-smartstate: rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nThis update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-10T13:30:30", "type": "redhat", "title": "(RHSA-2020:2480) Moderate: CloudForms 5.0.6 security, bug fix and enhancement update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16782"], "modified": 
"2020-06-10T13:34:08", "id": "RHSA-2020:2480", "href": "https://access.redhat.com/errata/RHSA-2020:2480", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-10-19T20:40:08", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* python-psutil: A double free issue has been discovered in python-psutil that may allow a local attacker to get code execution with the privileges of the user running the python-psutil application. (CVE-2019-18874)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-22T23:43:17", "type": "redhat", "title": "(RHSA-2020:2583) Moderate: OpenShift Container Platform 4.4.9 python-psutil security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18874"], "modified": "2020-06-22T23:44:01", "id": 
"RHSA-2020:2583", "href": "https://access.redhat.com/errata/RHSA-2020:2583", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-10-19T20:39:57", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* python-psutil: double free because of refcount mishandling (CVE-2019-18874)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-23T19:26:29", "type": "redhat", "title": "(RHSA-2020:2635) Moderate: OpenShift Container Platform 4.3.26 python-psutil security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18874"], "modified": "2020-06-23T19:29:52", "id": "RHSA-2020:2635", "href": "https://access.redhat.com/errata/RHSA-2020:2635", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": 
"2021-10-19T20:38:07", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* python-psutil: double free because of refcount mishandling (CVE-2019-18874)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-07-01T15:50:50", "type": "redhat", "title": "(RHSA-2020:2593) Moderate: OpenShift Container Platform 4.2.36 python-psutil security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18874"], "modified": "2020-07-01T15:57:04", "id": "RHSA-2020:2593", "href": "https://access.redhat.com/errata/RHSA-2020:2593", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-11-22T18:37:54", "description": "psutil is a module providing an interface for retrieving information on all running processes and system utilization (CPU, memory, disks, 
network, users) in a portable way by using Python.\n\nSecurity Fix(es):\n\n* python-psutil: double free because of refcount mishandling (CVE-2019-18874)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2021-11-09T09:01:04", "type": "redhat", "title": "(RHSA-2021:4324) Moderate: python-psutil security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18874"], "modified": "2021-11-09T14:12:29", "id": "RHSA-2021:4324", "href": "https://access.redhat.com/errata/RHSA-2021:4324", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "osv": [{"lastseen": "2022-08-10T07:19:15", "description": "\nMultiple security issues were discovered in the Rails web framework\nwhich could result in cross-site scripting, information leaks, 
code\nexecution, cross-site request forgery or bypass of upload limits.\n\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2:5.2.2.1+dfsg-1+deb10u2.\n\n\nWe recommend that you upgrade your rails packages.\n\n\nFor the detailed security status of rails please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/rails](https://security-tracker.debian.org/tracker/rails)\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-09-24T00:00:00", "type": "osv", "title": "rails - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169", "CVE-2020-8162", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167"], "modified": "2022-08-10T07:19:11", "id": "OSV:DSA-4766-1", "href": "https://osv.dev/vulnerability/DSA-4766-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:16:58", "description": "\nTwo vulnerabilities were found in Ruby on Rails, a MVC ruby-based\nframework geared for web application development, which could lead to\nremote code execution and 
untrusted user input usage, depending on the\napplication.\n\n\n* [CVE-2020-8164](https://security-tracker.debian.org/tracker/CVE-2020-8164)\nStrong parameters bypass vector in ActionPack. In some cases user\n supplied information can be inadvertently leaked from Strong\n Parameters. Specifically the return value of `each`, or\n `each\\_value`, or `each\\_pair` will return the underlying\n untrusted hash of data that was read from the parameters.\n Applications that use this return value may be inadvertently use\n untrusted user input.\n* [CVE-2020-8165](https://security-tracker.debian.org/tracker/CVE-2020-8165)\nPotentially unintended unmarshalling of user-provided objects in\n MemCacheStore. There is potentially unexpected behaviour in the\n MemCacheStore where, when untrusted user input is written to the\n cache store using the `raw: true` parameter, re-reading the result\n from the cache can evaluate the user input as a Marshalled object\n instead of plain text. Unmarshalling of untrusted user input can\n have impact up to and including RCE. 
At a minimum, this\n vulnerability allows an attacker to inject untrusted Ruby objects\n into a web application.\n\n\nIn addition to upgrading to the latest versions of Rails,\n developers should ensure that whenever they are calling\n `Rails.cache.fetch` they are using consistent values of the `raw`\n parameter for both reading and writing.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n2:4.1.8-1+deb8u7.\n\n\nWe recommend that you upgrade your rails packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-06-19T00:00:00", "type": "osv", "title": "rails - security update", "bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8164", "CVE-2020-8165"], "modified": "2022-07-21T05:53:13", "id": "OSV:DLA-2251-1", "href": "https://osv.dev/vulnerability/DLA-2251-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-05T05:18:51", "description": 
"\nMultiple vulnerabilities were found in Ruby on Rails, a MVC ruby-based\nframework geared for web application development, which could lead to\nremote code execution and untrusted user input usage, depending on the\napplication.\n\n\n* [CVE-2020-8163](https://security-tracker.debian.org/tracker/CVE-2020-8163)\nA code injection vulnerability in Rails would allow an attacker\n who controlled the `locals` argument of a `render` call to perform\n a RCE.\n* [CVE-2020-8164](https://security-tracker.debian.org/tracker/CVE-2020-8164)\nA deserialization of untrusted data vulnerability exists in rails\n which can allow an attacker to supply information can be\n inadvertently leaked from Strong Parameters.\n* [CVE-2020-8165](https://security-tracker.debian.org/tracker/CVE-2020-8165)\nA deserialization of untrusted data vulnernerability exists in\n rails that can allow an attacker to unmarshal user-provided objects\n in MemCacheStore and RedisCacheStore potentially resulting in an\n RCE.\n\n\nFor Debian 9 stretch, these problems have been fixed in version\n2:4.2.7.1-1+deb9u3.\n\n\nWe recommend that you upgrade your rails packages.\n\n\nFor the detailed security status of rails please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/rails>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 9.8, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 5.9}, "published": "2020-07-20T00:00:00", "type": "osv", "title": "rails - security update", 
"bulletinFamily": "software", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8163", "CVE-2020-8164", "CVE-2020-8165"], "modified": "2022-08-05T05:18:49", "id": "OSV:DLA-2282-1", "href": "https://osv.dev/vulnerability/DLA-2282-1", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-21T08:23:52", "description": "\nA timing attack was discovered in the function for CSRF token validation\nof the Ruby rack protection framework.\n\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.5.3-2+deb9u1.\n\n\nWe recommend that you upgrade your ruby-rack-protection packages.\n\n\nFor the detailed security status of ruby-rack-protection please refer to\nits security tracker page at:\n[\\\nhttps://security-tracker.debian.org/tracker/ruby-rack-protection](https://security-tracker.debian.org/tracker/ruby-rack-protection)\n\n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-07-16T00:00:00", "type": "osv", "title": "ruby-rack-protection - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": 
false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000119"], "modified": "2022-07-21T05:49:55", "id": "OSV:DSA-4247-1", "href": "https://osv.dev/vulnerability/DSA-4247-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-30T04:55:45", "description": "Sinatra rack-protection versions 1.5.4 and 2.0.0.rc3 and earlier contains a timing attack vulnerability in the CSRF token checking that can result in signatures can be exposed. This attack appear to be exploitable via network connectivity to the ruby application. This vulnerability appears to have been fixed in 1.5.5 and 2.0.0.", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.0", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2018-03-07T22:22:22", "type": "osv", "title": "Moderate severity vulnerability that affects rack-protection", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 
2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000119"], "modified": "2022-07-30T04:55:44", "id": "OSV:GHSA-688C-3X49-6RQJ", "href": "https://osv.dev/vulnerability/GHSA-688c-3x49-6rqj", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-30T04:47:14", "description": "There's a possible information leak / session hijack vulnerability in Rack. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session.\n\nThe session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.\n\n### Impact\n\nThe session id stored in a cookie is the same id that is used when querying the backing session storage engine. Most storage mechanisms (for example a database) use some sort of indexing in order to speed up the lookup of that id. By carefully timing requests and session lookup failures, an attacker may be able to perform a timing attack to determine an existing session id and hijack that session.\n\n## Releases\n\nThe 1.6.12 and 2.0.8 releases are available at the normal locations.\n\n### Workarounds\n\nThere are no known workarounds.\n\n### Patches\n\nTo aid users who aren't able to upgrade immediately we have provided patches for\nthe two supported release series. 
They are in git-am format and consist of a\nsingle changeset.\n\n* 1-6-session-timing-attack.patch - Patch for 1.6 series\n* 2-0-session-timing-attack.patch - Patch for 2.6 series\n\n### Credits\n\nThanks Will Leinweber for reporting this!", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.9, "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-12-18T19:01:31", "type": "osv", "title": "Possible Information Leak / Session Hijack Vulnerability in Rack", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16782"], "modified": "2022-07-30T04:47:13", "id": "OSV:GHSA-HRQR-HXPP-CHR3", "href": "https://osv.dev/vulnerability/GHSA-hrqr-hxpp-chr3", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-30T04:49:47", "description": "There is a vulnerability in ActiveStorage's S3 adapter that allows the Content-Length of a\ndirect file upload to be modified by an end user.\n\nVersions Affected: rails < 5.2.4.2, rails < 6.0.3.1\nNot affected: Applications that do not use the direct upload functionality of the ActiveStorage S3 adapter.\nFixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1\n\nImpact\n------\n\nUtilizing this 
vulnerability, an attacker can control the Content-Length of an S3 direct upload URL without receiving a\nnew signature from the server. This could be used to bypass controls in place on the server to limit upload size.\n\nWorkarounds\n-----------\n\nThis is a low-severity security issue. As such, no workaround is necessarily\nuntil such time as the application can be upgraded.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-26T15:09:48", "type": "osv", "title": "Circumvention of file size limits in ActiveStorage", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8162"], "modified": "2022-07-30T04:49:45", "id": "OSV:GHSA-M42X-37P3-FV5W", "href": "https://osv.dev/vulnerability/GHSA-m42x-37p3-fv5w", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-08-05T05:18:56", "description": "\nA potential Cross-Site Scripting (XSS) vulnerability was found in rails,\na ruby based MVC framework. Views that allow the user to control the\ndefault (not found) value of the `t` and `translate` helpers could be\nsusceptible to XSS attacks. 
When an HTML-unsafe string is passed as the\ndefault for a missing translation key named html or ending in \\_html, the\ndefault string is incorrectly marked as HTML-safe and not escaped.\n\n\nFor Debian 9 stretch, this problem has been fixed in version\n2:4.2.7.1-1+deb9u4.\n\n\nWe recommend that you upgrade your rails packages.\n\n\nFor the detailed security status of rails please refer to\nits security tracker page at:\n<https://security-tracker.debian.org/tracker/rails>\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-10-09T00:00:00", "type": "osv", "title": "rails - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169"], "modified": "2022-08-05T05:18:55", "id": "OSV:DLA-2403-1", "href": "https://osv.dev/vulnerability/DLA-2403-1", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-30T04:53:03", "description": "There is a potential Cross-Site 
Scripting (XSS) vulnerability in Action View's translation helpers. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks.\n\n### Impact\n\nWhen an HTML-unsafe string is passed as the default for a missing translation key [named `html` or ending in `_html`](https://guides.rubyonrails.org/i18n.html#using-safe-html-translations), the default string is incorrectly marked as HTML-safe and not escaped. Vulnerable code may look like the following examples:\n\n```erb\n<%# The welcome_html translation is not defined for the current locale: %>\n<%= t(\"welcome_html\", default: untrusted_user_controlled_string) %>\n\n<%# Neither the title.html translation nor the missing.html translation is defined for the current locale: %>\n<%= t(\"title.html\", default: [:\"missing.html\", untrusted_user_controlled_string]) %>\n```\n\n### Patches\n\nPatched Rails versions, 6.0.3.3 and 5.2.4.4, are available from the normal locations.\n\nThe patches have also been applied to the `master`, `6-0-stable`, and `5-2-stable` branches on GitHub. If you track any of these branches, you should update to the latest.\n\nTo aid users who aren\u2019t able to upgrade immediately, we\u2019ve provided patches for the two supported release series. They are in git-am format and consist of a single changeset.\n\n* [5-2-translate-helper-xss.patch](https://gist.github.com/georgeclaghorn/a466e103922ee81f24c32c9034089442#file-5-2-translate-helper-xss-patch) \u2014 patch for the 5.2 release series\n* [6-0-translate-helper-xss.patch](https://gist.github.com/georgeclaghorn/a466e103922ee81f24c32c9034089442#file-6-0-translate-helper-xss-patch) \u2014 patch for the 6.0 release series\n\nPlease note that only the 5.2 and 6.0 release series are currently supported. 
Users of earlier, unsupported releases are advised to update as soon as possible, as we cannot provide security fixes for unsupported releases.\n\n### Workarounds\n\nImpacted users who can\u2019t upgrade to a patched Rails version can avoid this issue by manually escaping default translations with the `html_escape` helper (aliased as `h`):\n\n```erb\n<%= t(\"welcome_html\", default: h(untrusted_user_controlled_string)) %>\n```", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 6.1, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 2.7}, "published": "2020-09-11T15:19:57", "type": "osv", "title": "XSS in Action View", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169"], "modified": "2022-07-30T04:53:01", "id": "OSV:GHSA-CFJV-5498-MPH5", "href": "https://osv.dev/vulnerability/GHSA-cfjv-5498-mph5", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-30T04:54:05", "description": "A flaw was found in RESTEasy client in all versions of RESTEasy up to 4.5.6.Final. It may allow client users to obtain the server's potentially sensitive information when the server got WebApplicationException from the RESTEasy client call. 
The highest threat from this vulnerability is to data confidentiality.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 5.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 1.4}, "published": "2021-06-03T23:41:34", "type": "osv", "title": "Generation of Error Message Containing Sensitive Information in RESTEasy client", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-25633"], "modified": "2022-07-30T04:54:01", "id": "OSV:GHSA-HR32-MGPM-QF2F", "href": "https://osv.dev/vulnerability/GHSA-hr32-mgpm-qf2f", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-30T04:55:34", "description": "There is a vulnerability in versions of Rails prior to 6.0.3.2 that allowed\nan untrusted user to run any pending migrations on a Rails app running in\nproduction.\n\nThis vulnerability has been assigned the CVE identifier CVE-2020-8185.\n\nVersions Affected: 6.0.0 < rails < 6.0.3.2\nNot affected: Applications with `config.action_dispatch.show_exceptions = false` (this is not a default setting in production)\nFixed Versions: rails >= 6.0.3.2\n\nImpact\n------\n\nUsing this issue, an attacker would be able to execute any migrations that\nare pending for a 
Rails app running in production mode. It is important to\nnote that an attacker is limited to running migrations the application\ndeveloper has already defined in their application and ones that have not\nalready ran.\n\nWorkarounds\n-----------\n\nUntil such time as the patch can be applied, application developers should\ndisable the ActionDispatch middleware in their production environment via\na line such as this one in their config/environment/production.rb:\n\n`config.middleware.delete ActionDispatch::ActionableExceptions`", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "baseScore": 6.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-06-24T17:40:33", "type": "osv", "title": "Untrusted users can run pending migrations in production in Rails", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8185"], "modified": "2022-07-30T04:55:33", "id": "OSV:GHSA-C6QR-H5VQ-59JC", "href": "https://osv.dev/vulnerability/GHSA-c6qr-h5vq-59jc", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-08-05T05:18:38", "description": "\nIt was discovered that there were multiple double free\nvulnerabilities in python-psutil, a Python module 
providing\nconvenience functions for accessing system process data.\n\n\nThis was caused by incorrect reference counting handling within\nfor/while loops that convert system data into said Python objects.\n\n\n* [CVE-2019-18874](https://security-tracker.debian.org/tracker/CVE-2019-18874)\npsutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.\n\n\nFor Debian 8 Jessie, these problems have been fixed in version\n2.1.1-1+deb8u1.\n\n\nWe recommend that you upgrade your python-psutil packages.\n\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: <https://wiki.debian.org/LTS>\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-11-18T00:00:00", "type": "osv", "title": "python-psutil - security update", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18874"], "modified": "2022-08-05T05:18:37", "id": "OSV:DLA-1998-1", "href": "https://osv.dev/vulnerability/DLA-1998-1", 
"cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-30T04:48:00", "description": "psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-03-12T17:02:50", "type": "osv", "title": "Double Free in psutil", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18874"], "modified": "2022-07-30T04:47:56", "id": "OSV:GHSA-QFC5-MCWQ-26Q8", "href": "https://osv.dev/vulnerability/GHSA-qfc5-mcwq-26q8", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-05-12T01:32:51", "description": "psutil (aka python-psutil) through 5.6.5 can have a double free. 
This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2019-11-12T02:15:00", "type": "osv", "title": "PYSEC-2019-41", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18874"], "modified": "2019-11-18T21:15:00", "id": "OSV:PYSEC-2019-41", "href": "https://osv.dev/vulnerability/PYSEC-2019-41", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-30T04:54:35", "description": "It is possible to, given a global CSRF token such as the one\npresent in the authenticity_token meta tag, forge a per-form CSRF token for\nany action for that session.\n\nImpact\n------\n\nGiven the ability to extract the global CSRF token, an attacker would be able to\nconstruct a per-form CSRF token for that session.\n\nWorkarounds\n-----------\n\nThis is a low-severity security issue. 
As such, no workaround is necessary\nuntil such time as the application can be upgraded.", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "baseScore": 4.3, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1", "userInteraction": "REQUIRED"}, "impactScore": 1.4}, "published": "2020-05-26T15:11:13", "type": "osv", "title": "Ability to forge per-form CSRF tokens in Rails", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8166"], "modified": "2022-07-30T04:54:13", "id": "OSV:GHSA-JP5V-5GX4-JMJ9", "href": "https://osv.dev/vulnerability/GHSA-jp5v-5gx4-jmj9", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-07-30T04:56:38", "description": "There is a strong parameters bypass vector in ActionPack.\n\nVersions Affected: rails <= 6.0.3\nNot affected: rails < 4.0.0\nFixed Versions: rails >= 5.2.4.3, rails >= 6.0.3.1\n\nImpact\n------\nIn some cases user supplied information can be inadvertently leaked from\nStrong Parameters. Specifically the return value of `each`, or `each_value`,\nor `each_pair` will return the underlying \"untrusted\" hash of data that was\nread from the parameters. 
Applications that use this return value may\ninadvertently use untrusted user input.\n\nImpacted code will look something like this:\n\n```\ndef update\n # Attacker has included the parameter: `{ is_admin: true }`\n User.update(clean_up_params)\nend\n\ndef clean_up_params\n params.each { |k, v| SomeModel.check(v) if k == :name }\nend\n```\n\nNote the mistaken use of `each` in the `clean_up_params` method in the above\nexample.\n\nWorkarounds\n-----------\nDo not use the return values of `each`, `each_value`, or `each_pair` in your\napplication.", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "baseScore": 7.5, "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1", "userInteraction": "NONE"}, "impactScore": 3.6}, "published": "2020-05-26T15:09:16", "type": "osv", "title": "Possible Strong Parameters Bypass in ActionPack", "bulletinFamily": "software", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "acInsufInfo": false, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8164"], "modified": "2022-07-30T04:56:35", "id": "OSV:GHSA-8727-M6GJ-MC37", "href": "https://osv.dev/vulnerability/GHSA-8727-m6gj-mc37", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}], "debian": [{"lastseen": "2022-02-17T11:31:34", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory 
DSA-4766-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nSeptember 24, 2020 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : rails\nCVE ID : CVE-2020-8162 CVE-2020-8164 CVE-2020-8165 CVE-2020-8166 \n CVE-2020-8167 CVE-2020-15169\n\nMultiple security issues were discovered in the Rails web framework\nwhich could result in cross-site scripting, information leaks, code\nexecution, cross-site request forgery or bypass of upload limits.\n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2:5.2.2.1+dfsg-1+deb10u2.\n\nWe recommend that you upgrade your rails packages.\n\nFor the detailed security status of rails please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/rails\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-09-24T20:50:38", "type": "debian", "title": "[SECURITY] [DSA 4766-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": 
"AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169", "CVE-2020-8162", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167"], "modified": "2020-09-24T20:50:38", "id": "DEBIAN:DSA-4766-1:03D2D", "href": "https://lists.debian.org/debian-security-announce/2020/msg00173.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-12-20T14:56:57", "description": "Package : rails\nVersion : 2:4.1.8-1+deb8u7\nCVE ID : CVE-2020-8164 CVE-2020-8165\n\n\nTwo vulnerabilities were found in Ruby on Rails, a MVC ruby-based\nframework geared for web application development, which could lead to\nremote code execution and untrusted user input usage, depending on the\napplication.\n\nCVE-2020-8164\n\n Strong parameters bypass vector in ActionPack. In some cases user\n supplied information can be inadvertently leaked from Strong\n Parameters. Specifically the return value of `each`, or\n `each_value`, or `each_pair` will return the underlying\n "untrusted" hash of data that was read from the parameters.\n Applications that use this return value may be inadvertently use\n untrusted user input.\n\nCVE-2020-8165\n\n Potentially unintended unmarshalling of user-provided objects in\n MemCacheStore. There is potentially unexpected behaviour in the\n MemCacheStore where, when untrusted user input is written to the\n cache store using the `raw: true` parameter, re-reading the result\n from the cache can evaluate the user input as a Marshalled object\n instead of plain text. Unmarshalling of untrusted user input can\n have impact up to and including RCE. 
At a minimum, this\n vulnerability allows an attacker to inject untrusted Ruby objects\n into a web application.\n\n In addition to upgrading to the latest versions of Rails,\n developers should ensure that whenever they are calling\n `Rails.cache.fetch` they are using consistent values of the `raw`\n parameter for both reading and writing.\n\nFor Debian 8 "Jessie", these problems have been fixed in version\n2:4.1.8-1+deb8u7.\n\nWe recommend that you upgrade your rails packages.\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-06-19T17:14:46", "type": "debian", "title": "[SECURITY] [DLA 2251-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8164", "CVE-2020-8165"], "modified": "2020-06-19T17:14:46", "id": "DEBIAN:DLA-2251-1:4D21E", "href": "https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": 
"2021-12-06T03:03:11", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2282-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ \nJuly 20, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : rails\nVersion : 2:4.2.7.1-1+deb9u3\nCVE ID : CVE-2020-8163 CVE-2020-8164 CVE-2020-8165\n\nMultiple vulnerabilities were found in Ruby on Rails, a MVC ruby-based\nframework geared for web application development, which could lead to\nremote code execution and untrusted user input usage, depending on the\napplication.\n\nCVE-2020-8163\n\n A code injection vulnerability in Rails would allow an attacker\n who controlled the `locals` argument of a `render` call to perform\n a RCE.\n\nCVE-2020-8164\n\n A deserialization of untrusted data vulnerability exists in rails\n which can allow an attacker to supply information can be\n inadvertently leaked from Strong Parameters.\n\nCVE-2020-8165\n\n A deserialization of untrusted data vulnernerability exists in\n rails that can allow an attacker to unmarshal user-provided objects\n in MemCacheStore and RedisCacheStore potentially resulting in an\n RCE.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2:4.2.7.1-1+deb9u3.\n\nWe recommend that you upgrade your rails packages.\n\nFor the detailed security status of rails please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/rails\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, 
"privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-07-20T13:17:33", "type": "debian", "title": "[SECURITY] [DLA 2282-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8163", "CVE-2020-8164", "CVE-2020-8165"], "modified": "2020-07-20T13:17:33", "id": "DEBIAN:DLA-2282-1:AA7B9", "href": "https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-10-21T18:34:33", "description": "- -------------------------------------------------------------------------\nDebian Security Advisory DSA-4247-1 security@debian.org\nhttps://www.debian.org/security/ Moritz Muehlenhoff\nJuly 16, 2018 https://www.debian.org/security/faq\n- -------------------------------------------------------------------------\n\nPackage : ruby-rack-protection\nCVE ID : CVE-2018-1000119\n\nA timing attack was discovered in the function for CSRF token validation\nof the "Ruby rack protection" framework.\t\t\t\t\t\t\t\t\t\t\t \n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.5.3-2+deb9u1.\n\nWe recommend that you upgrade your ruby-rack-protection packages.\n\nFor the detailed security status of ruby-rack-protection please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/ruby-rack-protection\n\nFurther 
information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 3.6}, "published": "2018-07-16T21:02:05", "type": "debian", "title": "[SECURITY] [DSA 4247-1] ruby-rack-protection security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-1000119"], "modified": "2018-07-16T21:02:05", "id": "DEBIAN:DSA-4247-1:034D0", "href": "https://lists.debian.org/debian-security-announce/2018/msg00176.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-05T03:03:04", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2403-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nOctober 09, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : rails\nVersion : 2:4.2.7.1-1+deb9u4\nCVE ID : CVE-2020-15169\nDebian Bug : 970040\n\nA 
potential Cross-Site Scripting (XSS) vulnerability was found in rails,\na ruby based MVC framework. Views that allow the user to control the\ndefault (not found) value of the `t` and `translate` helpers could be\nsusceptible to XSS attacks. When an HTML-unsafe string is passed as the\ndefault for a missing translation key named html or ending in _html, the\ndefault string is incorrectly marked as HTML-safe and not escaped.\n\nFor Debian 9 stretch, this problem has been fixed in version\n2:4.2.7.1-1+deb9u4.\n\nWe recommend that you upgrade your rails packages.\n\nFor the detailed security status of rails please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/rails\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-10-09T18:20:48", "type": "debian", "title": "[SECURITY] [DLA 2403-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169"], "modified": 
"2020-10-09T18:20:48", "id": "DEBIAN:DLA-2403-1:8BD9E", "href": "https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-22T10:55:38", "description": "- -------------------------------------------------------------------------\nDebian LTS Advisory DLA-2403-1 debian-lts@lists.debian.org\nhttps://www.debian.org/lts/security/ Markus Koschany\nOctober 09, 2020 https://wiki.debian.org/LTS\n- -------------------------------------------------------------------------\n\nPackage : rails\nVersion : 2:4.2.7.1-1+deb9u4\nCVE ID : CVE-2020-15169\nDebian Bug : 970040\n\nA potential Cross-Site Scripting (XSS) vulnerability was found in rails,\na ruby based MVC framework. Views that allow the user to control the\ndefault (not found) value of the `t` and `translate` helpers could be\nsusceptible to XSS attacks. When an HTML-unsafe string is passed as the\ndefault for a missing translation key named html or ending in _html, the\ndefault string is incorrectly marked as HTML-safe and not escaped.\n\nFor Debian 9 stretch, this problem has been fixed in version\n2:4.2.7.1-1+deb9u4.\n\nWe recommend that you upgrade your rails packages.\n\nFor the detailed security status of rails please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/rails\n\nFurther information about Debian LTS security advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://wiki.debian.org/LTS", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": 
"2020-10-09T18:20:48", "type": "debian", "title": "[SECURITY] [DLA 2403-1] rails security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169"], "modified": "2020-10-09T18:20:48", "id": "DEBIAN:DLA-2403-1:A426F", "href": "https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-10-22T11:59:08", "description": "Package : python-psutil\nVersion : 2.1.1-1+deb8u1\nCVE ID : CVE-2019-18874\nDebian Bug : #944605\n\nIt was discovered that there were multiple double free\nvulnerabilities in python-psutil, a Python module providing\nconvenience functions for accessing system process data.\n\nThis was caused by incorrect reference counting handling within\nfor/while loops that convert system data into said Python objects.\n\nFor Debian 8 \"Jessie\", this issue has been fixed in python-psutil\nversion 2.1.1-1+deb8u1.\n\nWe recommend that you upgrade your python-psutil packages.\n\n\nRegards,\n\n- -- \n ,''`.\n : :' : Chris Lamb\n `. 
`'` lamby@debian.org / chris-lamb.co.uk\n `-", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-18T18:55:02", "type": "debian", "title": "[SECURITY] [DLA 1998-1] python-psutil security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18874"], "modified": "2019-11-18T18:55:02", "id": "DEBIAN:DLA-1998-1:AFAA4", "href": "https://lists.debian.org/debian-lts-announce/2019/11/msg00018.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-12-02T14:59:39", "description": "Package : python-psutil\nVersion : 2.1.1-1+deb8u1\nCVE ID : CVE-2019-18874\nDebian Bug : #944605\n\nIt was discovered that there were multiple double free\nvulnerabilities in python-psutil, a Python module providing\nconvenience functions for accessing system process data.\n\nThis was caused by incorrect reference counting handling within\nfor/while loops that convert system data into said Python objects.\n\nFor Debian 8 \"Jessie\", this issue has been fixed in python-psutil\nversion 2.1.1-1+deb8u1.\n\nWe recommend that you upgrade your python-psutil packages.\n\n\nRegards,\n\n- -- \n ,''`.\n : 
:' : Chris Lamb\n `. `'` lamby@debian.org / chris-lamb.co.uk\n `-", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "HIGH", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 7.5, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-11-18T18:55:02", "type": "debian", "title": "[SECURITY] [DLA 1998-1] python-psutil security update", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 5.0, "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-18874"], "modified": "2019-11-18T18:55:02", "id": "DEBIAN:DLA-1998-1:72403", "href": "https://lists.debian.org/debian-lts-announce/2019/11/msg00018.html", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}], "nessus": [{"lastseen": "2022-08-11T15:14:37", "description": "Multiple security issues were discovered in the Rails web framework which could result in cross-site scripting, information leaks, code execution, cross-site request forgery or bypass of upload limits.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-09-25T00:00:00", "type": "nessus", "title": "Debian DSA-4766-1 : rails - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15169", "CVE-2020-8162", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167"], "modified": 
"2020-09-29T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:rails", "cpe:/o:debian:debian_linux:10.0"], "id": "DEBIAN_DSA-4766.NASL", "href": "https://www.tenable.com/plugins/nessus/140796", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4766. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140796);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/29\");\n\n script_cve_id(\"CVE-2020-15169\", \"CVE-2020-8162\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8166\", \"CVE-2020-8167\");\n script_xref(name:\"DSA\", value:\"4766\");\n\n script_name(english:\"Debian DSA-4766-1 : rails - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple security issues were discovered in the Rails web framework\nwhich could result in cross-site scripting, information leaks, code\nexecution, cross-site request forgery or bypass of upload limits.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/rails\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/buster/rails\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2020/dsa-4766\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"Upgrade the rails packages.\n\nFor the stable distribution (buster), these problems have been fixed\nin version 2:5.2.2.1+dfsg-1+deb10u2.\"\n );\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:10.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/25\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"10.0\", prefix:\"rails\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-actioncable\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-actionmailer\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-actionpack\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-actionview\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-activejob\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-activemodel\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-activerecord\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-activestorage\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-activesupport\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-rails\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\nif (deb_check(release:\"10.0\", prefix:\"ruby-railties\", reference:\"2:5.2.2.1+dfsg-1+deb10u2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else 
security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:15:13", "description": "Ruby on Rails blog :\n\nHi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These releases contain important security fixes, so please upgrade when you can.\n\nBoth releases contain the following fixes :\n\nCVE-2020-8162: Circumvention of file size limits in ActiveStorage\n\nCVE-2020-8164: Possible Strong Parameters Bypass in ActionPack\n\nCVE-2020-8165: Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore\n\nCVE-2020-8166: Ability to forge per-form CSRF tokens given a global CSRF token\n\nCVE-2020-8167: CSRF Vulnerability in rails-ujs", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-05-20T00:00:00", "type": "nessus", "title": "FreeBSD : Rails -- multiple vulnerabilities (85fca718-99f6-11ea-bf1d-08002728f74c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8162", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167"], "modified": "2020-06-26T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:rubygem-actionpack52", "p-cpe:/a:freebsd:freebsd:rubygem-actionpack60", "p-cpe:/a:freebsd:freebsd:rubygem-actionview52", "p-cpe:/a:freebsd:freebsd:rubygem-actionview60", "p-cpe:/a:freebsd:freebsd:rubygem-activestorage52", "p-cpe:/a:freebsd:freebsd:rubygem-activestorage60", "p-cpe:/a:freebsd:freebsd:rubygem-activesupport52", "p-cpe:/a:freebsd:freebsd:rubygem-activesupport60", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_85FCA71899F611EABF1D08002728F74C.NASL", "href": "https://www.tenable.com/plugins/nessus/136726", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# 
Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(136726);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/06/26\");\n\n script_cve_id(\"CVE-2020-8162\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8166\", \"CVE-2020-8167\");\n\n script_name(english:\"FreeBSD : Rails -- multiple vulnerabilities (85fca718-99f6-11ea-bf1d-08002728f74c)\");\n script_summary(english:\"Checks for updated packages in 
pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Ruby on Rails blog :\n\nHi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! These\nreleases contain important security fixes, so please upgrade when you\ncan.\n\nBoth releases contain the following fixes :\n\nCVE-2020-8162: Circumvention of file size limits in ActiveStorage\n\nCVE-2020-8164: Possible Strong Parameters Bypass in ActionPack\n\nCVE-2020-8165: Potentially unintended unmarshalling of user-provided\nobjects in MemCacheStore and RedisCacheStore\n\nCVE-2020-8166: Ability to forge per-form CSRF tokens given a global\nCSRF token\n\nCVE-2020-8167: CSRF Vulnerability in rails-ujs\"\n );\n # https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8268ac87\"\n );\n # https://groups.google.com/forum/#!topic/rubyonrails-security/PjU3946mreQ\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?97c30406\"\n );\n # https://groups.google.com/forum/#!topic/rubyonrails-security/f6ioe4sdpbY\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?fc4f9c88\"\n );\n # https://groups.google.com/forum/#!topic/rubyonrails-security/bv6fW4S0Y1c\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?bbe96cfa\"\n );\n # https://groups.google.com/forum/#!topic/rubyonrails-security/NOjKiGeXUgw\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?62b6f4ce\"\n );\n # https://groups.google.com/forum/#!topic/rubyonrails-security/x9DixQDG9a0\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?59fb4e94\"\n );\n # https://vuxml.freebsd.org/freebsd/85fca718-99f6-11ea-bf1d-08002728f74c.html\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a6180b1f\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8165\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionpack52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionpack60\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionview52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionview60\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-activestorage52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-activestorage60\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-activesupport52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-activesupport60\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/05/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/05/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionpack52<5.2.4.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionview52<5.2.4.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-activestorage52<5.2.4.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-activesupport52<5.2.4.3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionpack60<6.0.3.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionview60<6.0.3.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-activestorage60<6.0.3.1\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-activesupport60<6.0.3.1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-08-19T12:41:21", "description": "Update to rest-client 1.8.0.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2016-07-14T00:00:00", "type": "nessus", "title": "Fedora 23 : rubygem-rest-client (2015-8dce7405bf)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1820", "CVE-2015-3448"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:rubygem-rest-client", "cpe:/o:fedoraproject:fedora:23"], "id": "FEDORA_2015-8DCE7405BF.NASL", "href": "https://www.tenable.com/plugins/nessus/92050", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2015-8dce7405bf.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(92050);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2015-1820\", \"CVE-2015-3448\");\n script_xref(name:\"FEDORA\", value:\"2015-8dce7405bf\");\n\n script_name(english:\"Fedora 23 : rubygem-rest-client (2015-8dce7405bf)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to rest-client 1.8.0.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2015-8dce7405bf\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected rubygem-rest-client package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-rest-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:23\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/04/29\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/08/27\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2016/07/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2016-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^23([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 23\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC23\", reference:\"rubygem-rest-client-1.8.0-1.fc23\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_HOLE,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rubygem-rest-client\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-08-11T15:08:01", "description": "Two vulnerabilities were found in Ruby on Rails, a MVC ruby-based framework geared for web application development, which could lead to remote code execution and untrusted user input usage, depending on the application.\n\nCVE-2020-8164\n\nStrong parameters bypass vector in ActionPack. In some cases user supplied information can be inadvertently leaked from Strong Parameters. Specifically the return value of `each`, or `each_value`, or `each_pair` will return the underlying 'untrusted' hash of data that was read from the parameters. Applications that use this return value may be inadvertently use untrusted user input.\n\nCVE-2020-8165\n\nPotentially unintended unmarshalling of user-provided objects in MemCacheStore. There is potentially unexpected behaviour in the MemCacheStore where, when untrusted user input is written to the cache store using the `raw: true` parameter, re-reading the result from the cache can evaluate the user input as a Marshalled object instead of plain text. Unmarshalling of untrusted user input can have impact up to and including RCE. 
At a minimum, this vulnerability allows an attacker to inject untrusted Ruby objects into a web application.\n\nIn addition to upgrading to the latest versions of Rails, developers should ensure that whenever they are calling `Rails.cache.fetch` they are using consistent values of the `raw` parameter for both reading and writing.\n\nFor Debian 8 'Jessie', these problems have been fixed in version 2:4.1.8-1+deb8u7.\n\nWe recommend that you upgrade your rails packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-06-22T00:00:00", "type": "nessus", "title": "Debian DLA-2251-1 : rails security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8164", "CVE-2020-8165"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:rails", "p-cpe:/a:debian:debian_linux:ruby-actionmailer", "p-cpe:/a:debian:debian_linux:ruby-actionpack", "p-cpe:/a:debian:debian_linux:ruby-actionview", "p-cpe:/a:debian:debian_linux:ruby-activemodel", "p-cpe:/a:debian:debian_linux:ruby-activerecord", "p-cpe:/a:debian:debian_linux:ruby-activesupport", "p-cpe:/a:debian:debian_linux:ruby-activesupport-2.3", "p-cpe:/a:debian:debian_linux:ruby-rails", "p-cpe:/a:debian:debian_linux:ruby-railties", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-2251.NASL", "href": "https://www.tenable.com/plugins/nessus/137670", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2251-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137670);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2020-8164\", \"CVE-2020-8165\");\n\n script_name(english:\"Debian DLA-2251-1 : rails security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Two vulnerabilities were found in Ruby on Rails, a MVC ruby-based\nframework geared for web application development, which could lead to\nremote code execution and untrusted user input usage, depending on the\napplication.\n\nCVE-2020-8164\n\nStrong parameters bypass vector in ActionPack. In some cases user\nsupplied information can be inadvertently leaked from Strong\nParameters. Specifically the return value of `each`, or `each_value`,\nor `each_pair` will return the underlying 'untrusted' hash of data\nthat was read from the parameters. Applications that use this return\nvalue may be inadvertently use untrusted user input.\n\nCVE-2020-8165\n\nPotentially unintended unmarshalling of user-provided objects in\nMemCacheStore. There is potentially unexpected behaviour in the\nMemCacheStore where, when untrusted user input is written to the cache\nstore using the `raw: true` parameter, re-reading the result from the\ncache can evaluate the user input as a Marshalled object instead of\nplain text. Unmarshalling of untrusted user input can have impact up\nto and including RCE. 
At a minimum, this vulnerability allows an\nattacker to inject untrusted Ruby objects into a web application.\n\nIn addition to upgrading to the latest versions of Rails,\ndevelopers should ensure that whenever they are calling\n`Rails.cache.fetch` they are using consistent values of the\n`raw` parameter for both reading and writing.\n\nFor Debian 8 'Jessie', these problems have been fixed in version\n2:4.1.8-1+deb8u7.\n\nWe recommend that you upgrade your rails packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/rails\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8165\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionview\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activesupport-2.3\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-railties\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/19\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"rails\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-actionmailer\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-actionpack\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-actionview\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activemodel\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activerecord\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activesupport\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-activesupport-2.3\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-rails\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"ruby-railties\", reference:\"2:4.1.8-1+deb8u7\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T00:47:05", "description": "This update for rmt-server fixes the following issues :\n\nUpdate to version 2.6.5 :\n\n - Solved potential bug of 
SCC repository URLs changing over time. RMT now self heals by removing the previous invalid repository and creating the correct one.\n\n - Add web server settings to /etc/rmt.conf: Now it's possible to configure the minimum and maximum threads count as well the number of web server workers to be booted through /etc/rmt.conf.\n\n - Instead of using an MD5 of URLs for custom repository friendly_ids, RMT now builds an ID from the name.\n\n - Fix RMT file caching based on timestamps: Previously, RMT sent GET requests with the header 'If-Modified-Since' to a repository server and if the response had a 304 (Not Modified), it would copy a file from the local cache instead of downloading. However, if the local file timestamp accidentally changed to a date newer than the one on the repository server, RMT would have an outdated file, which caused some errors. Now, RMT makes HEAD requests to the repositories servers and inspect the 'Last-Modified' header to decide whether to download a file or copy it from cache, by comparing the equalness of timestamps.\n\n - Fixed an issue where relative paths supplied to `rmt-cli import repos` caused the command to fail.\n\n - Friendlier IDs for custom repositories: In an effort to simplify the handling of SCC and custom repositories, RMT now has friendly IDs. For SCC repositories, it's the same SCC ID as before. For custom repositories, it can either be user provided or RMT generated (MD5 of the provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom repositories.\n\n - Custom repository IDs can be the same across RMT instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than before. 
RMT still supports that old ID, but it's recommended to start using the new ID to ensure future compatibility.\n\n - Updated rails and puma dependencies for security fixes.\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-23T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rmt-server (openSUSE-2020-1993)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16770", "CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420", "CVE-2020-11076", "CVE-2020-11077", "CVE-2020-15169", "CVE-2020-5247", "CVE-2020-5249", "CVE-2020-5267", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167", "CVE-2020-8184", "CVE-2020-8185"], "modified": "2020-12-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rmt-server", "p-cpe:/a:novell:opensuse:rmt-server-config", "p-cpe:/a:novell:opensuse:rmt-server-debuginfo", "p-cpe:/a:novell:opensuse:rmt-server-debugsource", "p-cpe:/a:novell:opensuse:rmt-server-pubcloud", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1993.NASL", "href": "https://www.tenable.com/plugins/nessus/143190", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1993.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143190);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2019-16770\", \"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\", \"CVE-2020-11076\", \"CVE-2020-11077\", \"CVE-2020-15169\", \"CVE-2020-5247\", \"CVE-2020-5249\", \"CVE-2020-5267\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8166\", \"CVE-2020-8167\", \"CVE-2020-8184\", \"CVE-2020-8185\");\n\n script_name(english:\"openSUSE Security Update : 
rmt-server (openSUSE-2020-1993)\");\n script_summary(english:\"Check for the openSUSE-2020-1993 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rmt-server fixes the following issues :\n\nUpdate to version 2.6.5 :\n\n - Solved potential bug of SCC repository URLs changing\n over time. RMT now self heals by removing the previous\n invalid repository and creating the correct one.\n\n - Add web server settings to /etc/rmt.conf: Now it's\n possible to configure the minimum and maximum threads\n count as well the number of web server workers to be\n booted through /etc/rmt.conf.\n\n - Instead of using an MD5 of URLs for custom repository\n friendly_ids, RMT now builds an ID from the name.\n\n - Fix RMT file caching based on timestamps: Previously,\n RMT sent GET requests with the header\n 'If-Modified-Since' to a repository server and if the\n response had a 304 (Not Modified), it would copy a file\n from the local cache instead of downloading. However, if\n the local file timestamp accidentally changed to a date\n newer than the one on the repository server, RMT would\n have an outdated file, which caused some errors. Now,\n RMT makes HEAD requests to the repositories servers and\n inspect the 'Last-Modified' header to decide whether to\n download a file or copy it from cache, by comparing the\n equalness of timestamps.\n\n - Fixed an issue where relative paths supplied to `rmt-cli\n import repos` caused the command to fail.\n\n - Friendlier IDs for custom repositories: In an effort to\n simplify the handling of SCC and custom repositories,\n RMT now has friendly IDs. For SCC repositories, it's the\n same SCC ID as before. For custom repositories, it can\n either be user provided or RMT generated (MD5 of the\n provided URL). 
Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\n - Updated rails and puma dependencies for security fixes.\n\nThis update was imported from the SUSE:SLE-15-SP2:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1165548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1168554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173351\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected rmt-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8165\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-pubcloud\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/21\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"rmt-server-2.6.5-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"rmt-server-config-2.6.5-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"rmt-server-debuginfo-2.6.5-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"rmt-server-debugsource-2.6.5-lp152.2.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"rmt-server-pubcloud-2.6.5-lp152.2.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rmt-server / rmt-server-config / rmt-server-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T00:48:32", "description": "This update for rmt-server fixes the following issues :\n\n - Version 2.6.5\n\n - Solved potential bug of SCC 
repository URLs changing over time. RMT now self heals by removing the previous invalid repository and creating the correct one.\n\n - Version 2.6.4\n\n - Add web server settings to /etc/rmt.conf: Now it's possible to configure the minimum and maximum threads count as well the number of web server workers to be booted through /etc/rmt.conf.\n\n - Version 2.6.3\n\n - Instead of using an MD5 of URLs for custom repository friendly_ids, RMT now builds an ID from the name.\n\n - Version 2.6.2\n\n - Fix RMT file caching based on timestamps: Previously, RMT sent GET requests with the header 'If-Modified-Since' to a repository server and if the response had a 304 (Not Modified), it would copy a file from the local cache instead of downloading. However, if the local file timestamp accidentally changed to a date newer than the one on the repository server, RMT would have an outdated file, which caused some errors. Now, RMT makes HEAD requests to the repositories servers and inspect the 'Last-Modified' header to decide whether to download a file or copy it from cache, by comparing the equalness of timestamps.\n\n\n\n - Version 2.6.1\n\n - Fixed an issue where relative paths supplied to `rmt-cli import repos` caused the command to fail.\n\n - Version 2.6.0\n\n - Friendlier IDs for custom repositories: In an effort to simplify the handling of SCC and custom repositories, RMT now has friendly IDs. For SCC repositories, it's the same SCC ID as before. For custom repositories, it can either be user provided or RMT generated (MD5 of the provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom repositories.\n\n - Custom repository IDs can be the same across RMT instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than before. 
RMT still supports that old ID, but it's recommended to start using the new ID to ensure future compatibility.\n\n - Version 2.5.20\n\n - Updated rails from 6.0.3.2 to 6.0.3.3 :\n\n - actionview (CVE-2020-15169)\n\n - Version 2.5.19\n\n - RMT now has the ability to remove local systems with the command `rmt-cli systems remove`.\n\n - Version 2.5.18\n\n - Fixed exit code for `rmt-cli mirror` and its subcommands. Now it exits with 1 whenever an error occurs during mirroring\n\n - Improved message logging for `rtm-cli mirror`. Instead of logging an error when it occurs, the command summarize all errors at the end of execution. Now log messages have colors to better identify failure/success.\n\n - Version 2.5.17\n\n - RMT no longer provides the installer updates repository to systems via its zypper service. This repository is used during the installation process, as it provides an up-to-date installation experience, but it has no use on an already installed system.\n\n - Version 2.5.16\n\n - Updated RMT's rails and puma dependencies.\n\n - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249, CVE-2020-5247 CVE-2019-16770)\n\n - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166)\n\n - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418, CVE-2019-5419)\n\n - activesupport (CVE-2020-8165)\n\n - railties (CVE-2019-5420)\n\n - Version 2.5.15\n\n - RMT now checks if repositories are fully mirrored during the activation process. Previously, RMT only checked if the repositories were enabled to be mirrored, but not that they were actually mirrored. In this case, RMTs were not able to provide the repository data which systems assumed it had.\n\n - Version 2.5.14\n\n - Enable 'Installer-Updates' repositories by default\n\n - Fixed deprecation warning when thor encountered an error. 
Also, instead of returning 0 for thor errors, rmt-cli will return 1 instead.\n\n - Version 2.5.13\n\n - Added `rmt-cli repos clean` command to remove locally mirrored files of repositories which are not marked to be mirrored.\n\n - Previously, RMT didn't track deduplicated files in its database. Now, to accommodate `rmt-cli repos clean`, RMT will track all mirrored files.\n\n - Move the nginx reload to the configuration package which contain nginx config files, don't reload nginx unconditionally from main package.\n\n - Version 2.5.12\n\n - Update rack to version 2.2.3 (CVE-2020-8184:\n bsc#1173351)\n\n - Update Rails to version 5.2.4.3 :\n\n - actionpack (CVE-2020-8164: bsc#1172177)\n\n - actionpack (CVE-2020-8166: bsc#1172182)\n\n - activesupport (CVE-2020-8165: bsc#1172186)\n\n - actionview (CVE-2020-8167: bsc#1172184)\n\n - Version 2.5.11\n\n - rmt-server-pubcloud :\n\n - SLES11 EOL\n\n - Extension activation verification based on the available subscriptions\n\n - Added a manual instance verification script\n\n - Version 2.5.10\n\n - Support rmt-server to run with Ruby 2.7 (Factory/Tumbleweed) :\n\n - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix incompatibility Ruby 2.7 OpenStruct class;\n\n - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order to also bump gem 'ethon' version, which caused a 'rb_safe_level' warning on Ruby 2.7;\n\n - Fix 'last arg as keyword arg' Ruby 2.7 warning on source code;\n\n - Disable 'deprecated' warnings from Ruby 2.7; Rails 5.1 generates a lot of warnings with Ruby 2.7, mainly due to 'capturing the given block with Proc.new', which is deprecated;\n\n - Improve RPM spec to consider only the distribution default Ruby version configured in OBS;\n\n - Improve RPM spec to remove Ruby 2.7 warnings regarding 'bundler.\n\n - Move nginx/vhosts.d directory to correct sub-package.\n They are needed together with nginx, not rmt-server.\n\n - Fix dependencies especially for containerized usage :\n\n - mariadb and nginx are not hard 
requires, could run on another host\n\n - Fix generic dependencies :\n\n - systemd ordering was missing\n\n - shadow is required for pre-install\n\n - Version 2.5.9\n\n - rmt-server-pubcloud: enforce strict authentication\n\n - Version 2.5.8\n\n - Use repomd_parser gem to remove repository metadata parsing code.\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-11-24T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rmt-server (openSUSE-2020-2000)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16770", "CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420", "CVE-2020-11076", "CVE-2020-11077", "CVE-2020-15169", "CVE-2020-5247", "CVE-2020-5249", "CVE-2020-5267", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167", "CVE-2020-8184", "CVE-2020-8185"], "modified": "2020-12-17T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:rmt-server", "p-cpe:/a:novell:opensuse:rmt-server-config", "p-cpe:/a:novell:opensuse:rmt-server-debuginfo", "p-cpe:/a:novell:opensuse:rmt-server-debugsource", "p-cpe:/a:novell:opensuse:rmt-server-pubcloud", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-2000.NASL", "href": "https://www.tenable.com/plugins/nessus/143225", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-2000.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143225);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2019-16770\", \"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\", \"CVE-2020-11076\", \"CVE-2020-11077\", \"CVE-2020-15169\", \"CVE-2020-5247\", \"CVE-2020-5249\", \"CVE-2020-5267\", \"CVE-2020-8164\", 
\"CVE-2020-8165\", \"CVE-2020-8166\", \"CVE-2020-8167\", \"CVE-2020-8184\", \"CVE-2020-8185\");\n\n script_name(english:\"openSUSE Security Update : rmt-server (openSUSE-2020-2000)\");\n script_summary(english:\"Check for the openSUSE-2020-2000 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rmt-server fixes the following issues :\n\n - Version 2.6.5\n\n - Solved potential bug of SCC repository URLs changing\n over time. RMT now self heals by removing the previous\n invalid repository and creating the correct one.\n\n - Version 2.6.4\n\n - Add web server settings to /etc/rmt.conf: Now it's\n possible to configure the minimum and maximum threads\n count as well the number of web server workers to be\n booted through /etc/rmt.conf.\n\n - Version 2.6.3\n\n - Instead of using an MD5 of URLs for custom repository\n friendly_ids, RMT now builds an ID from the name.\n\n - Version 2.6.2\n\n - Fix RMT file caching based on timestamps: Previously,\n RMT sent GET requests with the header\n 'If-Modified-Since' to a repository server and if the\n response had a 304 (Not Modified), it would copy a file\n from the local cache instead of downloading. However, if\n the local file timestamp accidentally changed to a date\n newer than the one on the repository server, RMT would\n have an outdated file, which caused some errors. 
Now,\n RMT makes HEAD requests to the repositories servers and\n inspect the 'Last-Modified' header to decide whether to\n download a file or copy it from cache, by comparing the\n equalness of timestamps.\n\n\n\n - Version 2.6.1\n\n - Fixed an issue where relative paths supplied to `rmt-cli\n import repos` caused the command to fail.\n\n - Version 2.6.0\n\n - Friendlier IDs for custom repositories: In an effort to\n simplify the handling of SCC and custom repositories,\n RMT now has friendly IDs. For SCC repositories, it's the\n same SCC ID as before. For custom repositories, it can\n either be user provided or RMT generated (MD5 of the\n provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\n - Version 2.5.20\n\n - Updated rails from 6.0.3.2 to 6.0.3.3 :\n\n - actionview (CVE-2020-15169)\n\n - Version 2.5.19\n\n - RMT now has the ability to remove local systems with the\n command `rmt-cli systems remove`.\n\n - Version 2.5.18\n\n - Fixed exit code for `rmt-cli mirror` and its\n subcommands. Now it exits with 1 whenever an error\n occurs during mirroring\n\n - Improved message logging for `rtm-cli mirror`. Instead\n of logging an error when it occurs, the command\n summarize all errors at the end of execution. Now log\n messages have colors to better identify failure/success.\n\n - Version 2.5.17\n\n - RMT no longer provides the installer updates repository\n to systems via its zypper service. 
This repository is\n used during the installation process, as it provides an\n up-to-date installation experience, but it has no use on\n an already installed system.\n\n - Version 2.5.16\n\n - Updated RMT's rails and puma dependencies.\n\n - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249,\n CVE-2020-5247 CVE-2019-16770)\n\n - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166)\n\n - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418,\n CVE-2019-5419)\n\n - activesupport (CVE-2020-8165)\n\n - railties (CVE-2019-5420)\n\n - Version 2.5.15\n\n - RMT now checks if repositories are fully mirrored during\n the activation process. Previously, RMT only checked if\n the repositories were enabled to be mirrored, but not\n that they were actually mirrored. In this case, RMTs\n were not able to provide the repository data which\n systems assumed it had.\n\n - Version 2.5.14\n\n - Enable 'Installer-Updates' repositories by default\n\n - Fixed deprecation warning when thor encountered an\n error. Also, instead of returning 0 for thor errors,\n rmt-cli will return 1 instead.\n\n - Version 2.5.13\n\n - Added `rmt-cli repos clean` command to remove locally\n mirrored files of repositories which are not marked to\n be mirrored.\n\n - Previously, RMT didn't track deduplicated files in its\n database. 
Now, to accommodate `rmt-cli repos clean`, RMT\n will track all mirrored files.\n\n - Move the nginx reload to the configuration package which\n contain nginx config files, don't reload nginx\n unconditionally from main package.\n\n - Version 2.5.12\n\n - Update rack to version 2.2.3 (CVE-2020-8184:\n bsc#1173351)\n\n - Update Rails to version 5.2.4.3 :\n\n - actionpack (CVE-2020-8164: bsc#1172177)\n\n - actionpack (CVE-2020-8166: bsc#1172182)\n\n - activesupport (CVE-2020-8165: bsc#1172186)\n\n - actionview (CVE-2020-8167: bsc#1172184)\n\n - Version 2.5.11\n\n - rmt-server-pubcloud :\n\n - SLES11 EOL\n\n - Extension activation verification based on the available\n subscriptions\n\n - Added a manual instance verification script\n\n - Version 2.5.10\n\n - Support rmt-server to run with Ruby 2.7\n (Factory/Tumbleweed) :\n\n - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix\n incompatibility Ruby 2.7 OpenStruct class;\n\n - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order\n to also bump gem 'ethon' version, which caused a\n 'rb_safe_level' warning on Ruby 2.7;\n\n - Fix 'last arg as keyword arg' Ruby 2.7 warning on source\n code;\n\n - Disable 'deprecated' warnings from Ruby 2.7; Rails 5.1\n generates a lot of warnings with Ruby 2.7, mainly due to\n 'capturing the given block with Proc.new', which is\n deprecated;\n\n - Improve RPM spec to consider only the distribution\n default Ruby version configured in OBS;\n\n - Improve RPM spec to remove Ruby 2.7 warnings regarding\n 'bundler.\n\n - Move nginx/vhosts.d directory to correct sub-package.\n They are needed together with nginx, not rmt-server.\n\n - Fix dependencies especially for containerized usage :\n\n - mariadb and nginx are not hard requires, could run on\n another host\n\n - Fix generic dependencies :\n\n - systemd ordering was missing\n\n - shadow is required for pre-install\n\n - Version 2.5.9\n\n - rmt-server-pubcloud: enforce strict authentication\n\n - Version 2.5.8\n\n - Use repomd_parser 
gem to remove repository metadata\n parsing code.\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update\nproject.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1173351\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected rmt-server packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8165\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:rmt-server-pubcloud\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/11/24\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rmt-server-2.6.5-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rmt-server-config-2.6.5-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rmt-server-debuginfo-2.6.5-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rmt-server-debugsource-2.6.5-lp151.2.18.2\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"rmt-server-pubcloud-2.6.5-lp151.2.18.2\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rmt-server / rmt-server-config / rmt-server-debuginfo / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T00:46:55", "description": "This update for rmt-server fixes the following issues :\n\nUpdate to version 2.6.5: Solved potential bug of SCC 
repository URLs changing over time. RMT now self-heals by removing the previous invalid repository and creating the correct one.\n\nAdd web server settings to /etc/rmt.conf: Now it's possible to configure the minimum and maximum threads count as well as the number of web server workers to be booted through /etc/rmt.conf.\n\nInstead of using an MD5 of URLs for custom repository friendly_ids, RMT now builds an ID from the name.\n\nFix RMT file caching based on timestamps: Previously, RMT sent GET requests with the header 'If-Modified-Since' to a repository server and if the response had a 304 (Not Modified), it would copy a file from the local cache instead of downloading. However, if the local file timestamp accidentally changed to a date newer than the one on the repository server, RMT would have an outdated file, which caused some errors. Now, RMT makes HEAD requests to the repository servers and inspects the 'Last-Modified' header to decide whether to download a file or copy it from cache, by comparing the equality of timestamps.\n\nFixed an issue where relative paths supplied to `rmt-cli import repos` caused the command to fail.\n\nFriendlier IDs for custom repositories: In an effort to simplify the handling of SCC and custom repositories, RMT now has friendly IDs. For SCC repositories, it's the same SCC ID as before. For custom repositories, it can either be user provided or RMT generated (MD5 of the provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom repositories.\n\n - Custom repository IDs can be the same across RMT instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than before. 
RMT still supports that old ID, but it's recommended to start using the new ID to ensure future compatibility.\n\nUpdated rails and puma dependencies for security fixes.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3036-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16770", "CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420", "CVE-2020-11076", "CVE-2020-11077", "CVE-2020-15169", "CVE-2020-5247", "CVE-2020-5249", "CVE-2020-5267", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167", "CVE-2020-8184", "CVE-2020-8185"], "modified": "2020-12-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:rmt-server", "p-cpe:/a:novell:suse_linux:rmt-server-config", "p-cpe:/a:novell:suse_linux:rmt-server-debuginfo", "p-cpe:/a:novell:suse_linux:rmt-server-debugsource", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3036-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143751", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3036-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143751);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2019-16770\", \"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\", \"CVE-2020-11076\", \"CVE-2020-11077\", \"CVE-2020-15169\", \"CVE-2020-5247\", \"CVE-2020-5249\", \"CVE-2020-5267\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8166\", 
\"CVE-2020-8167\", \"CVE-2020-8184\", \"CVE-2020-8185\");\n\n script_name(english:\"SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3036-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rmt-server fixes the following issues :\n\nUpdate to version 2.6.5: Solved potential bug of SCC repository URLs\nchanging over time. RMT now self heals by removing the previous\ninvalid repository and creating the correct one.\n\nAdd web server settings to /etc/rmt.conf: Now it's possible to\nconfigure the minimum and maximum threads count as well the number of\nweb server workers to be booted through /etc/rmt.conf.\n\nInstead of using an MD5 of URLs for custom repository friendly_ids,\nRMT now builds an ID from the name.\n\nFix RMT file caching based on timestamps: Previously, RMT sent GET\nrequests with the header 'If-Modified-Since' to a repository server\nand if the response had a 304 (Not Modified), it would copy a file\nfrom the local cache instead of downloading. However, if the local\nfile timestamp accidentally changed to a date newer than the one on\nthe repository server, RMT would have an outdated file, which caused\nsome errors. Now, RMT makes HEAD requests to the repositories servers\nand inspect the 'Last-Modified' header to decide whether to download a\nfile or copy it from cache, by comparing the equalness of timestamps.\n\nFixed an issue where relative paths supplied to `rmt-cli import repos`\ncaused the command to fail.\n\nFriendlier IDs for custom repositories: In an effort to simplify the\nhandling of SCC and custom repositories, RMT now has friendly IDs. For\nSCC repositories, it's the same SCC ID as before. For custom\nrepositories, it can either be user provided or RMT generated (MD5 of\nthe provided URL). 
Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\nUpdated rails and puma dependencies for security fixes.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1165548\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1168554\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16770/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5418/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5419/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n 
value:\"https://www.suse.com/security/cve/CVE-2019-5420/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11076/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11077/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15169/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5247/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5249/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5267/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8164/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8165/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8184/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8185/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203036-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?08477350\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP2 :\n\nzypper in -t 
patch\nSUSE-SLE-Module-Server-Applications-15-SP2-2020-3036=1\n\nSUSE Linux Enterprise Module for Public Cloud 15-SP2 :\n\nzypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP2-2020-3036=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8165\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-debugsource\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/26\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(2)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP2\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"rmt-server-2.6.5-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"rmt-server-config-2.6.5-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"rmt-server-debuginfo-2.6.5-3.3.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"2\", reference:\"rmt-server-debugsource-2.6.5-3.3.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rmt-server\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T00:46:32", "description": "This update for rmt-server fixes the following issues :\n\nVersion 2.6.5\n\nSolved potential bug of SCC repository URLs changing over time. RMT now self heals by removing the previous invalid repository and creating the correct one.\n\nVersion 2.6.4\n\nAdd web server settings to /etc/rmt.conf: Now it's possible to configure the minimum and maximum threads count as well the number of web server workers to be booted through /etc/rmt.conf.\n\nVersion 2.6.3\n\nInstead of using an MD5 of URLs for custom repository friendly_ids, RMT now builds an ID from the name.\n\nVersion 2.6.2\n\nFix RMT file caching based on timestamps: Previously, RMT sent GET requests with the header 'If-Modified-Since' to a repository server and if the response had a 304 (Not Modified), it would copy a file from the local cache instead of downloading. However, if the local file timestamp accidentally changed to a date newer than the one on the repository server, RMT would have an outdated file, which caused some errors. 
Now, RMT makes HEAD requests to the repository servers and inspects the 'Last-Modified' header to decide whether to download a file or copy it from cache, by comparing the equality of timestamps.\n\nVersion 2.6.1\n\nFixed an issue where relative paths supplied to `rmt-cli import repos` caused the command to fail.\n\nVersion 2.6.0\n\nFriendlier IDs for custom repositories: In an effort to simplify the handling of SCC and custom repositories, RMT now has friendly IDs. For SCC repositories, it's the same SCC ID as before. For custom repositories, it can either be user provided or RMT generated (MD5 of the provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom repositories.\n\n - Custom repository IDs can be the same across RMT instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than before. RMT still supports that old ID, but it's recommended to start using the new ID to ensure future compatibility.\n\nVersion 2.5.20\n\nUpdated rails from 6.0.3.2 to 6.0.3.3 :\n\n - actionview (CVE-2020-15169)\n\nVersion 2.5.19\n\nRMT now has the ability to remove local systems with the command `rmt-cli systems remove`.\n\nVersion 2.5.18\n\nFixed exit code for `rmt-cli mirror` and its subcommands. Now it exits with 1 whenever an error occurs during mirroring\n\nImproved message logging for `rmt-cli mirror`. Instead of logging an error when it occurs, the command summarizes all errors at the end of execution. Now log messages have colors to better identify failure/success.\n\nVersion 2.5.17\n\nRMT no longer provides the installer updates repository to systems via its zypper service. 
This repository is used during the installation process, as it provides an up-to-date installation experience, but it has no use on an already installed system.\n\nVersion 2.5.16\n\nUpdated RMT's rails and puma dependencies.\n\n - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249, CVE-2020-5247 CVE-2019-16770)\n\n - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166)\n\n - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418, CVE-2019-5419)\n\n - activesupport (CVE-2020-8165)\n\n - railties (CVE-2019-5420)\n\nVersion 2.5.15\n\nRMT now checks if repositories are fully mirrored during the activation process. Previously, RMT only checked if the repositories were enabled to be mirrored, but not that they were actually mirrored.\nIn this case, RMTs were not able to provide the repository data which systems assumed it had.\n\nVersion 2.5.14\n\nEnable 'Installer-Updates' repositories by default\n\nFixed deprecation warning when thor encountered an error. Also, instead of returning 0 for thor errors, rmt-cli will return 1 instead.\n\nVersion 2.5.13\n\nAdded `rmt-cli repos clean` command to remove locally mirrored files of repositories which are not marked to be mirrored.\n\nPreviously, RMT didn't track deduplicated files in its database. 
Now, to accommodate `rmt-cli repos clean`, RMT will track all mirrored files.\n\nMove the nginx reload to the configuration package which contain nginx config files, don't reload nginx unconditionally from main package.\n\nVersion 2.5.12\n\nUpdate rack to version 2.2.3 (CVE-2020-8184: bsc#1173351)\n\nUpdate Rails to version 5.2.4.3 :\n\n - actionpack (CVE-2020-8164: bsc#1172177)\n\n - actionpack (CVE-2020-8166: bsc#1172182)\n\n - activesupport (CVE-2020-8165: bsc#1172186)\n\n - actionview (CVE-2020-8167: bsc#1172184)\n\nVersion 2.5.11\n\nrmt-server-pubcloud :\n\n - SLES11 EOL\n\n - Extension activation verification based on the available subscriptions\n\n - Added a manual instance verification script\n\nVersion 2.5.10\n\nSupport rmt-server to run with Ruby 2.7 (Factory/Tumbleweed) :\n\n - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix incompatibility Ruby 2.7 OpenStruct class;\n\n - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order to also bump gem 'ethon' version, which caused a 'rb_safe_level' warning on Ruby 2.7;\n\n - Fix 'last arg as keyword arg' Ruby 2.7 warning on source code;\n\n - Disable 'deprecated' warnings from Ruby 2.7; Rails 5.1 generates a lot of warnings with Ruby 2.7, mainly due to 'capturing the given block with Proc.new', which is deprecated;\n\n - Improve RPM spec to consider only the distribution default Ruby version configured in OBS;\n\n - Improve RPM spec to remove Ruby 2.7 warnings regarding 'bundler.\n\nMove nginx/vhosts.d directory to correct sub-package. 
They are needed together with nginx, not rmt-server.\n\nFix dependencies especially for containerized usage :\n\n - mariadb and nginx are not hard requires, could run on another host\n\nFix generic dependencies :\n\n - systemd ordering was missing\n\n - shadow is required for pre-install\n\nVersion 2.5.9\n\nrmt-server-pubcloud: enforce strict authentication\n\nVersion 2.5.8\n\nUse repomd_parser gem to remove repository metadata parsing code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3147-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16770", "CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420", "CVE-2020-11076", "CVE-2020-11077", "CVE-2020-15169", "CVE-2020-5247", "CVE-2020-5249", "CVE-2020-5267", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167", "CVE-2020-8184", "CVE-2020-8185"], "modified": "2020-12-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:rmt-server", "p-cpe:/a:novell:suse_linux:rmt-server-config", "p-cpe:/a:novell:suse_linux:rmt-server-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3147-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143622", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3147-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143622);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2019-16770\", 
\"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\", \"CVE-2020-11076\", \"CVE-2020-11077\", \"CVE-2020-15169\", \"CVE-2020-5247\", \"CVE-2020-5249\", \"CVE-2020-5267\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8166\", \"CVE-2020-8167\", \"CVE-2020-8184\", \"CVE-2020-8185\");\n\n script_name(english:\"SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3147-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rmt-server fixes the following issues :\n\nVersion 2.6.5\n\nSolved potential bug of SCC repository URLs changing over time. RMT\nnow self heals by removing the previous invalid repository and\ncreating the correct one.\n\nVersion 2.6.4\n\nAdd web server settings to /etc/rmt.conf: Now it's possible to\nconfigure the minimum and maximum threads count as well the number of\nweb server workers to be booted through /etc/rmt.conf.\n\nVersion 2.6.3\n\nInstead of using an MD5 of URLs for custom repository friendly_ids,\nRMT now builds an ID from the name.\n\nVersion 2.6.2\n\nFix RMT file caching based on timestamps: Previously, RMT sent GET\nrequests with the header 'If-Modified-Since' to a repository server\nand if the response had a 304 (Not Modified), it would copy a file\nfrom the local cache instead of downloading. However, if the local\nfile timestamp accidentally changed to a date newer than the one on\nthe repository server, RMT would have an outdated file, which caused\nsome errors. 
Now, RMT makes HEAD requests to the repositories servers\nand inspect the 'Last-Modified' header to decide whether to download a\nfile or copy it from cache, by comparing the equalness of timestamps.\n\nVersion 2.6.1\n\nFixed an issue where relative paths supplied to `rmt-cli import repos`\ncaused the command to fail.\n\nVersion 2.6.0\n\nFriendlier IDs for custom repositories: In an effort to simplify the\nhandling of SCC and custom repositories, RMT now has friendly IDs. For\nSCC repositories, it's the same SCC ID as before. For custom\nrepositories, it can either be user provided or RMT generated (MD5 of\nthe provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\nVersion 2.5.20\n\nUpdated rails from 6.0.3.2 to 6.0.3.3 :\n\n - actionview (CVE-2020-15169)\n\nVersion 2.5.19\n\nRMT now has the ability to remove local systems with the command\n`rmt-cli systems remove`.\n\nVersion 2.5.18\n\nFixed exit code for `rmt-cli mirror` and its subcommands. Now it exits\nwith 1 whenever an error occurrs during mirroring\n\nImproved message logging for `rtm-cli mirror`. Instead of logging an\nerror when it occurs, the command summarize all errors at the end of\nexecution. Now log messages have colors to better identify\nfailure/success.\n\nVersion 2.5.17\n\nRMT no longer provides the installer updates repository to systems via\nits zypper service. 
This repository is used during the installation\nprocess, as it provides an up-to-date installation experience, but it\nhas no use on an already installed system.\n\nVersion 2.5.16\n\nUpdated RMT's rails and puma dependencies.\n\n - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249,\n CVE-2020-5247 CVE-2019-16770)\n\n - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166)\n\n - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418,\n CVE-2019-5419)\n\n - activesupport (CVE-2020-8165)\n\n - railties (CVE-2019-5420)\n\nVersion 2.5.15\n\nRMT now checks if repositories are fully mirrored during the\nactivation process. Previously, RMT only checked if the repositories\nwere enabled to be mirrored, but not that they were actually mirrored.\nIn this case, RMTs were not able to provide the repository data which\nsystems assumed it had.\n\nVersion 2.5.14\n\nEnable 'Installer-Updates' repositories by default\n\nFixed deprecation warning when thor encountered an error. Also,\ninstead of returning 0 for thor errors, rmt-cli will return 1 instead.\n\nVersion 2.5.13\n\nAdded `rmt-cli repos clean` command to remove locally mirrored files\nof repositories which are not marked to be mirrored.\n\nPreviously, RMT didn't track deduplicated files in its database. 
Now,\nto accommodate `rmt-cli repos clean`, RMT will track all mirrored\nfiles.\n\nMove the nginx reload to the configuration package which contain nginx\nconfig files, don't reload nginx unconditionally from main package.\n\nVersion 2.5.12\n\nUpdate rack to version 2.2.3 (CVE-2020-8184: bsc#1173351)\n\nUpdate Rails to version 5.2.4.3 :\n\n - actionpack (CVE-2020-8164: bsc#1172177)\n\n - actionpack (CVE-2020-8166: bsc#1172182)\n\n - activesupport (CVE-2020-8165: bsc#1172186)\n\n - actionview (CVE-2020-8167: bsc#1172184)\n\nVersion 2.5.11\n\nrmt-server-pubcloud :\n\n - SLES11 EOL\n\n - Extension activation verification based on the available\n subscriptions\n\n - Added a manual instance verification script\n\nVersion 2.5.10\n\nSupport rmt-server to run with Ruby 2.7 (Factory/Tumbleweed) :\n\n - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix\n incompatibility Ruby 2.7 OpenStruct class;\n\n - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order\n to also bump gem 'ethon' version, which caused a\n 'rb_safe_level' warning on Ruby 2.7;\n\n - Fix 'last arg as keyword arg' Ruby 2.7 warning on source\n code;\n\n - Disable 'deprecated' warnings from Ruby 2.7; Rails 5.1\n generates a lot of warnings with Ruby 2.7, mainly due to\n 'capturing the given block with Proc.new', which is\n deprecated;\n\n - Improve RPM spec to consider only the distribution\n default Ruby version configured in OBS;\n\n - Improve RPM spec to remove Ruby 2.7 warnings regarding\n 'bundler.\n\nMove nginx/vhosts.d directory to correct sub-package. 
They are needed\ntogether with nginx, not rmt-server.\n\nFix dependencies especially for containerized usage :\n\n - mariadb and nginx are not hard requires, could run on\n another host\n\nFix generic dependencies :\n\n - systemd ordering was missing\n\n - shadow is required for pre-install\n\nVersion 2.5.9\n\nrmt-server-pubcloud: enforce strict authentication\n\nVersion 2.5.8\n\nUse repomd_parser gem to remove repository metadata parsing code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16770/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5418/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5419/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5420/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11076/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11077/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15169/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5247/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5249/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5267/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8164/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8165/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8184/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8185/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203147-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3122c55\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Server for SAP 15 :\n\nzypper in -t patch SUSE-SLE-Product-SLES_SAP-15-2020-3147=1\n\nSUSE Linux Enterprise Server 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-SLES-15-2020-3147=1\n\nSUSE Linux Enterprise High Performance Computing 15-LTSS :\n\nzypper in -t patch SUSE-SLE-Product-HPC-15-2020-3147=1\n\nSUSE Linux Enterprise High Performance Computing 15-ESPOS :\n\nzypper in -t 
patch SUSE-SLE-Product-HPC-15-2020-3147=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8165\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/04\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is 
Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\nif (cpu >!< \"s390x\") audit(AUDIT_ARCH_NOT, \"s390x\", cpu);\n\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(0)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP0\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"rmt-server-2.6.5-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"rmt-server-config-2.6.5-3.34.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"0\", cpu:\"s390x\", reference:\"rmt-server-debuginfo-2.6.5-3.34.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rmt-server\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T00:49:37", "description": "This update for rmt-server fixes the following issues :\n\nVersion 2.6.5\n\nSolved potential bug of SCC repository URLs changing over time. RMT now self heals by removing the previous invalid repository and creating the correct one.\n\nVersion 2.6.4\n\nAdd web server settings to /etc/rmt.conf: Now it's possible to configure the minimum and maximum threads count as well the number of web server workers to be booted through /etc/rmt.conf.\n\nVersion 2.6.3\n\nInstead of using an MD5 of URLs for custom repository friendly_ids, RMT now builds an ID from the name.\n\nVersion 2.6.2\n\nFix RMT file caching based on timestamps: Previously, RMT sent GET requests with the header 'If-Modified-Since' to a repository server and if the response had a 304 (Not Modified), it would copy a file from the local cache instead of downloading. However, if the local file timestamp accidentally changed to a date newer than the one on the repository server, RMT would have an outdated file, which caused some errors. 
Now, RMT makes HEAD requests to the repositories servers and inspect the 'Last-Modified' header to decide whether to download a file or copy it from cache, by comparing the equalness of timestamps.\n\nVersion 2.6.1\n\nFixed an issue where relative paths supplied to `rmt-cli import repos` caused the command to fail.\n\nVersion 2.6.0\n\nFriendlier IDs for custom repositories: In an effort to simplify the handling of SCC and custom repositories, RMT now has friendly IDs. For SCC repositories, it's the same SCC ID as before. For custom repositories, it can either be user provided or RMT generated (MD5 of the provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom repositories.\n\n - Custom repository IDs can be the same across RMT instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than before. RMT still supports that old ID, but it's recommended to start using the new ID to ensure future compatibility.\n\nVersion 2.5.20\n\nUpdated rails from 6.0.3.2 to 6.0.3.3 :\n\n - actionview (CVE-2020-15169)\n\nVersion 2.5.19\n\nRMT now has the ability to remove local systems with the command `rmt-cli systems remove`.\n\nVersion 2.5.18\n\nFixed exit code for `rmt-cli mirror` and its subcommands. Now it exits with 1 whenever an error occurs during mirroring\n\nImproved message logging for `rtm-cli mirror`. Instead of logging an error when it occurs, the command summarize all errors at the end of execution. Now log messages have colors to better identify failure/success.\n\nVersion 2.5.17\n\nRMT no longer provides the installer updates repository to systems via its zypper service. 
This repository is used during the installation process, as it provides an up-to-date installation experience, but it has no use on an already installed system.\n\nVersion 2.5.16\n\nUpdated RMT's rails and puma dependencies.\n\n - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249, CVE-2020-5247 CVE-2019-16770)\n\n - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166)\n\n - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418, CVE-2019-5419)\n\n - activesupport (CVE-2020-8165)\n\n - railties (CVE-2019-5420)\n\nVersion 2.5.15\n\nRMT now checks if repositories are fully mirrored during the activation process. Previously, RMT only checked if the repositories were enabled to be mirrored, but not that they were actually mirrored.\nIn this case, RMTs were not able to provide the repository data which systems assumed it had.\n\nVersion 2.5.14\n\nEnable 'Installer-Updates' repositories by default\n\nFixed deprecation warning when thor encountered an error. Also, instead of returning 0 for thor errors, rmt-cli will return 1 instead.\n\nVersion 2.5.13\n\nAdded `rmt-cli repos clean` command to remove locally mirrored files of repositories which are not marked to be mirrored.\n\nPreviously, RMT didn't track deduplicated files in its database. 
Now, to accommodate `rmt-cli repos clean`, RMT will track all mirrored files.\n\nMove the nginx reload to the configuration package which contain nginx config files, don't reload nginx unconditionally from main package.\n\nVersion 2.5.12\n\nUpdate rack to version 2.2.3 (CVE-2020-8184: bsc#1173351)\n\nUpdate Rails to version 5.2.4.3 :\n\n - actionpack (CVE-2020-8164: bsc#1172177)\n\n - actionpack (CVE-2020-8166: bsc#1172182)\n\n - activesupport (CVE-2020-8165: bsc#1172186)\n\n - actionview (CVE-2020-8167: bsc#1172184)\n\nVersion 2.5.11\n\nrmt-server-pubcloud :\n\n - SLES11 EOL\n\n - Extension activation verification based on the available subscriptions\n\n - Added a manual instance verification script\n\nVersion 2.5.10\n\nSupport rmt-server to run with Ruby 2.7 (Factory/Tumbleweed) :\n\n - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix incompatibility Ruby 2.7 OpenStruct class;\n\n - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order to also bump gem 'ethon' version, which caused a 'rb_safe_level' warning on Ruby 2.7;\n\n - Fix 'last arg as keyword arg' Ruby 2.7 warning on source code;\n\n - Disable 'deprecated' warnings from Ruby 2.7; Rails 5.1 generates a lot of warnings with Ruby 2.7, mainly due to 'capturing the given block with Proc.new', which is deprecated;\n\n - Improve RPM spec to consider only the distribution default Ruby version configured in OBS;\n\n - Improve RPM spec to remove Ruby 2.7 warnings regarding 'bundler.\n\nMove nginx/vhosts.d directory to correct sub-package. 
They are needed together with nginx, not rmt-server.\n\nFix dependencies especially for containerized usage :\n\n - mariadb and nginx are not hard requires, could run on another host\n\nFix generic dependencies :\n\n - systemd ordering was missing\n\n - shadow is required for pre-install\n\nVersion 2.5.9\n\nrmt-server-pubcloud: enforce strict authentication\n\nVersion 2.5.8\n\nUse repomd_parser gem to remove repository metadata parsing code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-12-09T00:00:00", "type": "nessus", "title": "SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3160-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16770", "CVE-2019-5418", "CVE-2019-5419", "CVE-2019-5420", "CVE-2020-11076", "CVE-2020-11077", "CVE-2020-15169", "CVE-2020-5247", "CVE-2020-5249", "CVE-2020-5267", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167", "CVE-2020-8184", "CVE-2020-8185"], "modified": "2020-12-17T00:00:00", "cpe": ["p-cpe:/a:novell:suse_linux:rmt-server", "p-cpe:/a:novell:suse_linux:rmt-server-config", "p-cpe:/a:novell:suse_linux:rmt-server-debuginfo", "cpe:/o:novell:suse_linux:15"], "id": "SUSE_SU-2020-3160-1.NASL", "href": "https://www.tenable.com/plugins/nessus/143623", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from SUSE update advisory SUSE-SU-2020:3160-1.\n# The text itself is copyright (C) SUSE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(143623);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/12/17\");\n\n script_cve_id(\"CVE-2019-16770\", 
\"CVE-2019-5418\", \"CVE-2019-5419\", \"CVE-2019-5420\", \"CVE-2020-11076\", \"CVE-2020-11077\", \"CVE-2020-15169\", \"CVE-2020-5247\", \"CVE-2020-5249\", \"CVE-2020-5267\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8166\", \"CVE-2020-8167\", \"CVE-2020-8184\", \"CVE-2020-8185\");\n\n script_name(english:\"SUSE SLES15 Security Update : rmt-server (SUSE-SU-2020:3160-1)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote SUSE host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rmt-server fixes the following issues :\n\nVersion 2.6.5\n\nSolved potential bug of SCC repository URLs changing over time. RMT\nnow self heals by removing the previous invalid repository and\ncreating the correct one.\n\nVersion 2.6.4\n\nAdd web server settings to /etc/rmt.conf: Now it's possible to\nconfigure the minimum and maximum threads count as well the number of\nweb server workers to be booted through /etc/rmt.conf.\n\nVersion 2.6.3\n\nInstead of using an MD5 of URLs for custom repository friendly_ids,\nRMT now builds an ID from the name.\n\nVersion 2.6.2\n\nFix RMT file caching based on timestamps: Previously, RMT sent GET\nrequests with the header 'If-Modified-Since' to a repository server\nand if the response had a 304 (Not Modified), it would copy a file\nfrom the local cache instead of downloading. However, if the local\nfile timestamp accidentally changed to a date newer than the one on\nthe repository server, RMT would have an outdated file, which caused\nsome errors. 
Now, RMT makes HEAD requests to the repositories servers\nand inspect the 'Last-Modified' header to decide whether to download a\nfile or copy it from cache, by comparing the equalness of timestamps.\n\nVersion 2.6.1\n\nFixed an issue where relative paths supplied to `rmt-cli import repos`\ncaused the command to fail.\n\nVersion 2.6.0\n\nFriendlier IDs for custom repositories: In an effort to simplify the\nhandling of SCC and custom repositories, RMT now has friendly IDs. For\nSCC repositories, it's the same SCC ID as before. For custom\nrepositories, it can either be user provided or RMT generated (MD5 of\nthe provided URL). Benefits :\n\n - `rmt-cli mirror repositories` now works for custom\n repositories.\n\n - Custom repository IDs can be the same across RMT\n instances.\n\n - No more confusing 'SCC ID' vs 'ID' in `rmt-cli` output.\n Deprecation Warnings :\n\n - RMT now uses a different ID for custom repositories than\n before. RMT still supports that old ID, but it's\n recommended to start using the new ID to ensure future\n compatibility.\n\nVersion 2.5.20\n\nUpdated rails from 6.0.3.2 to 6.0.3.3 :\n\n - actionview (CVE-2020-15169)\n\nVersion 2.5.19\n\nRMT now has the ability to remove local systems with the command\n`rmt-cli systems remove`.\n\nVersion 2.5.18\n\nFixed exit code for `rmt-cli mirror` and its subcommands. Now it exits\nwith 1 whenever an error occurs during mirroring\n\nImproved message logging for `rtm-cli mirror`. Instead of logging an\nerror when it occurs, the command summarize all errors at the end of\nexecution. Now log messages have colors to better identify\nfailure/success.\n\nVersion 2.5.17\n\nRMT no longer provides the installer updates repository to systems via\nits zypper service. 
This repository is used during the installation\nprocess, as it provides an up-to-date installation experience, but it\nhas no use on an already installed system.\n\nVersion 2.5.16\n\nUpdated RMT's rails and puma dependencies.\n\n - puma (CVE-2020-11076, CVE-2020-11077, CVE-2020-5249,\n CVE-2020-5247 CVE-2019-16770)\n\n - actionpack (CVE-2020-8185, CVE-2020-8164, CVE-2020-8166)\n\n - actionview (CVE-2020-8167, CVE-2020-5267, CVE-2019-5418,\n CVE-2019-5419)\n\n - activesupport (CVE-2020-8165)\n\n - railties (CVE-2019-5420)\n\nVersion 2.5.15\n\nRMT now checks if repositories are fully mirrored during the\nactivation process. Previously, RMT only checked if the repositories\nwere enabled to be mirrored, but not that they were actually mirrored.\nIn this case, RMTs were not able to provide the repository data which\nsystems assumed it had.\n\nVersion 2.5.14\n\nEnable 'Installer-Updates' repositories by default\n\nFixed deprecation warning when thor encountered an error. Also,\ninstead of returning 0 for thor errors, rmt-cli will return 1 instead.\n\nVersion 2.5.13\n\nAdded `rmt-cli repos clean` command to remove locally mirrored files\nof repositories which are not marked to be mirrored.\n\nPreviously, RMT didn't track deduplicated files in its database. 
Now,\nto accommodate `rmt-cli repos clean`, RMT will track all mirrored\nfiles.\n\nMove the nginx reload to the configuration package which contain nginx\nconfig files, don't reload nginx unconditionally from main package.\n\nVersion 2.5.12\n\nUpdate rack to version 2.2.3 (CVE-2020-8184: bsc#1173351)\n\nUpdate Rails to version 5.2.4.3 :\n\n - actionpack (CVE-2020-8164: bsc#1172177)\n\n - actionpack (CVE-2020-8166: bsc#1172182)\n\n - activesupport (CVE-2020-8165: bsc#1172186)\n\n - actionview (CVE-2020-8167: bsc#1172184)\n\nVersion 2.5.11\n\nrmt-server-pubcloud :\n\n - SLES11 EOL\n\n - Extension activation verification based on the available\n subscriptions\n\n - Added a manual instance verification script\n\nVersion 2.5.10\n\nSupport rmt-server to run with Ruby 2.7 (Factory/Tumbleweed) :\n\n - Bump gem 'config' version from 1.7.2 to 2.2.1 to fix\n incompatibility Ruby 2.7 OpenStruct class;\n\n - Bump gem 'typhoeus' version from 1.3.1 to 1.4.0 in order\n to also bump gem 'ethon' version, which caused a\n 'rb_safe_level' warning on Ruby 2.7;\n\n - Fix 'last arg as keyword arg' Ruby 2.7 warning on source\n code;\n\n - Disable 'deprecated' warnings from Ruby 2.7; Rails 5.1\n generates a lot of warnings with Ruby 2.7, mainly due to\n 'capturing the given block with Proc.new', which is\n deprecated;\n\n - Improve RPM spec to consider only the distribution\n default Ruby version configured in OBS;\n\n - Improve RPM spec to remove Ruby 2.7 warnings regarding\n 'bundler.\n\nMove nginx/vhosts.d directory to correct sub-package. 
They are needed\ntogether with nginx, not rmt-server.\n\nFix dependencies especially for containerized usage :\n\n - mariadb and nginx are not hard requires, could run on\n another host\n\nFix generic dependencies :\n\n - systemd ordering was missing\n\n - shadow is required for pre-install\n\nVersion 2.5.9\n\nrmt-server-pubcloud: enforce strict authentication\n\nVersion 2.5.8\n\nUse repomd_parser gem to remove repository metadata parsing code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the SUSE security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172177\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172182\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172184\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1172186\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.suse.com/show_bug.cgi?id=1173351\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-16770/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5418/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5419/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2019-5420/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11076/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-11077/\"\n );\n 
script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-15169/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5247/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5249/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-5267/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8164/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8165/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8166/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8167/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8184/\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.suse.com/security/cve/CVE-2020-8185/\"\n );\n # https://www.suse.com/support/update/announcement/2020/suse-su-20203160-1\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?e5e6b911\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\n\"To install this SUSE Security Update use the SUSE recommended\ninstallation methods like YaST online_update or 'zypper patch'.\n\nAlternatively you can run the command listed for your product :\n\nSUSE Linux Enterprise Module for Server Applications 15-SP1 :\n\nzypper in -t patch\nSUSE-SLE-Module-Server-Applications-15-SP1-2020-3160=1\n\nSUSE Linux Enterprise Module for Public Cloud 15-SP1 :\n\nzypper in -t patch SUSE-SLE-Module-Public-Cloud-15-SP1-2020-3160=1\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:F/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:F/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8165\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n script_set_attribute(attribute:\"d2_elliot_name\", value:\"Rails File Disclosure\");\n script_set_attribute(attribute:\"exploit_framework_d2_elliot\", value:\"true\");\n script_set_attribute(attribute:\"metasploit_name\", value:'Ruby On Rails DoubleTap Development Mode secret_key_base Vulnerability');\n script_set_attribute(attribute:\"exploit_framework_metasploit\", value:\"true\");\n script_set_attribute(attribute:\"exploit_framework_canvas\", value:\"true\");\n script_set_attribute(attribute:\"canvas_package\", value:'CANVAS');\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-config\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:suse_linux:rmt-server-debuginfo\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:suse_linux:15\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/03/27\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/11/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/12/09\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/cpu\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release !~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"SUSE\");\nos_ver = pregmatch(pattern: \"^(SLE(S|D)\\d+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"SUSE\");\nos_ver = os_ver[1];\nif (! preg(pattern:\"^(SLES15)$\", string:os_ver)) audit(AUDIT_OS_NOT, \"SUSE SLES15\", \"SUSE \" + os_ver);\n\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (cpu !~ \"^i[3-6]86$\" && \"x86_64\" >!< cpu && \"s390x\" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"SUSE \" + os_ver, cpu);\n\nsp = get_kb_item(\"Host/SuSE/patchlevel\");\nif (isnull(sp)) sp = \"0\";\nif (os_ver == \"SLES15\" && (! 
preg(pattern:\"^(1)$\", string:sp))) audit(AUDIT_OS_NOT, \"SLES15 SP1\", os_ver + \" SP\" + sp);\n\n\nflag = 0;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rmt-server-2.6.5-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rmt-server-config-2.6.5-3.18.1\")) flag++;\nif (rpm_check(release:\"SLES15\", sp:\"1\", reference:\"rmt-server-debuginfo-2.6.5-3.18.1\")) flag++;\n\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"rmt-server\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2021-11-01T11:45:27", "description": "Upgrade to Ruby on Rails 6.0.3.3. Fixes CVEs: #1877568 #1831529 #1852381\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2020-10-08T00:00:00", "type": "nessus", "title": "Fedora 33 : 1:rubygem-actionmailer / 1:rubygem-actionpack / etc (2020-4dd34860a3)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15169", "CVE-2020-5267", "CVE-2020-8185"], "modified": "2020-10-12T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:rubygem-actionmailer", "p-cpe:/a:fedoraproject:fedora:1:rubygem-actionpack", "p-cpe:/a:fedoraproject:fedora:1:rubygem-activerecord", "p-cpe:/a:fedoraproject:fedora:1:rubygem-activesupport", "p-cpe:/a:fedoraproject:fedora:1:rubygem-rails", "p-cpe:/a:fedoraproject:fedora:rubygem-actioncable", "p-cpe:/a:fedoraproject:fedora:rubygem-actionmailbox", "p-cpe:/a:fedoraproject:fedora:rubygem-actiontext", 
"p-cpe:/a:fedoraproject:fedora:rubygem-actionview", "p-cpe:/a:fedoraproject:fedora:rubygem-activejob", "p-cpe:/a:fedoraproject:fedora:rubygem-activemodel", "p-cpe:/a:fedoraproject:fedora:rubygem-activestorage", "p-cpe:/a:fedoraproject:fedora:rubygem-image_processing", "p-cpe:/a:fedoraproject:fedora:rubygem-railties", "cpe:/o:fedoraproject:fedora:33"], "id": "FEDORA_2020-4DD34860A3.NASL", "href": "https://www.tenable.com/plugins/nessus/141285", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-4dd34860a3.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141285);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/12\");\n\n script_cve_id(\"CVE-2020-15169\", \"CVE-2020-5267\", \"CVE-2020-8185\");\n script_xref(name:\"FEDORA\", value:\"2020-4dd34860a3\");\n\n script_name(english:\"Fedora 33 : 1:rubygem-actionmailer / 1:rubygem-actionpack / etc (2020-4dd34860a3)\");\n script_summary(english:\"Checks rpm output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Fedora host is missing one or more security updates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Upgrade to Ruby on Rails 6.0.3.3. 
Fixes CVEs: #1877568 #1831529\n#1852381\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-4dd34860a3\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-15169\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-actionmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actioncable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionmailbox\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actiontext\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-actionview\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activejob\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-activestorage\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-image_processing\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:rubygem-railties\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:33\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/03/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/05\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/08\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^33([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 33\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-actionmailer-6.0.3.3-1.fc33\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-actionpack-6.0.3.3-2.fc33\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-activerecord-6.0.3.3-1.fc33\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-activesupport-6.0.3.3-1.fc33\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-rails-6.0.3.3-1.fc33\", epoch:\"1\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-actioncable-6.0.3.3-1.fc33\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-actionmailbox-6.0.3.3-1.fc33\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-actiontext-6.0.3.3-1.fc33\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-actionview-6.0.3.3-1.fc33\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-activejob-6.0.3.3-1.fc33\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-activemodel-6.0.3.3-1.fc33\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-activestorage-6.0.3.3-1.fc33\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-image_processing-1.11.0-1.fc33\")) flag++;\nif (rpm_check(release:\"FC33\", reference:\"rubygem-railties-6.0.3.3-1.fc33\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else 
audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:rubygem-actionmailer / 1:rubygem-actionpack / etc\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-06-16T15:39:35", "description": "Multiple vulnerabilities were found in Ruby on Rails, a MVC ruby-based framework geared for web application development, which could lead to remote code execution and untrusted user input usage, depending on the application.\n\nCVE-2020-8163\n\nA code injection vulnerability in Rails would allow an attacker who controlled the `locals` argument of a `render` call to perform a RCE.\n\nCVE-2020-8164\n\nA deserialization of untrusted data vulnerability exists in rails which can allow an attacker to supply information can be inadvertently leaked from Strong Parameters.\n\nCVE-2020-8165\n\nA deserialization of untrusted data vulnerability exists in rails that can allow an attacker to unmarshal user-provided objects in MemCacheStore and RedisCacheStore potentially resulting in an RCE.\n\nFor Debian 9 stretch, these problems have been fixed in version 2:4.2.7.1-1+deb9u3.\n\nWe recommend that you upgrade your rails packages.\n\nFor the detailed security status of rails please refer to its security tracker page at: https://security-tracker.debian.org/tracker/rails\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-07-21T00:00:00", "type": "nessus", "title": "Debian DLA-2282-1 : rails security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8163", "CVE-2020-8164", "CVE-2020-8165"], "modified": "2020-08-13T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:rails", "p-cpe:/a:debian:debian_linux:ruby-actionmailer", "p-cpe:/a:debian:debian_linux:ruby-actionpack", "p-cpe:/a:debian:debian_linux:ruby-actionview", "p-cpe:/a:debian:debian_linux:ruby-activejob", "p-cpe:/a:debian:debian_linux:ruby-activemodel", "p-cpe:/a:debian:debian_linux:ruby-activerecord", "p-cpe:/a:debian:debian_linux:ruby-activesupport", "p-cpe:/a:debian:debian_linux:ruby-rails", "p-cpe:/a:debian:debian_linux:ruby-railties", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2282.NASL", "href": "https://www.tenable.com/plugins/nessus/138781", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2282-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(138781);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/08/13\");\n\n script_cve_id(\"CVE-2020-8163\", \"CVE-2020-8164\", \"CVE-2020-8165\");\n\n script_name(english:\"Debian DLA-2282-1 : rails security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Multiple vulnerabilities were found in Ruby on Rails, a MVC ruby-based\nframework geared for web application development, which could lead to\nremote code execution and untrusted user input usage, depending on the\napplication.\n\nCVE-2020-8163\n\nA code injection vulnerability in Rails would allow an attacker who\ncontrolled the `locals` argument of a `render` call to perform a RCE.\n\nCVE-2020-8164\n\nA deserialization of untrusted data vulnerability exists in rails\nwhich can allow an attacker to supply information can be inadvertently\nleaked from Strong Parameters.\n\nCVE-2020-8165\n\nA deserialization of untrusted data vulnernerability exists in rails\nthat can allow an attacker to unmarshal user-provided objects in\nMemCacheStore and RedisCacheStore potentially resulting in an RCE.\n\nFor Debian 9 stretch, these problems have been fixed in version\n2:4.2.7.1-1+deb9u3.\n\nWe recommend that you upgrade your rails packages.\n\nFor the detailed security status of rails please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/rails\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/rails\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/rails\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:POC/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:P/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"Exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionmailer\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activejob\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-rails\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-railties\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/20\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"rails\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-actionmailer\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-actionpack\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-actionview\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-activejob\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-activemodel\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-activerecord\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", 
prefix:\"ruby-activesupport\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-rails\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-railties\", reference:\"2:4.2.7.1-1+deb9u3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-12T15:13:11", "description": "A timing attack was discovered in the function for CSRF token validation of the 'Ruby rack protection' framework.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2018-07-17T00:00:00", "type": "nessus", "title": "Debian DSA-4247-1 : ruby-rack-protection - security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000119"], "modified": "2018-11-13T00:00:00", "cpe": ["cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "p-cpe:2.3:a:debian:debian_linux:ruby-rack-protection:*:*:*:*:*:*:*"], "id": "DEBIAN_DSA-4247.NASL", "href": "https://www.tenable.com/plugins/nessus/111112", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-4247. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(111112);\n script_version(\"1.4\");\n script_cvs_date(\"Date: 2018/11/13 12:30:47\");\n\n script_cve_id(\"CVE-2018-1000119\");\n script_xref(name:\"DSA\", value:\"4247\");\n\n script_name(english:\"Debian DSA-4247-1 : ruby-rack-protection - security update\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A timing attack was discovered in the function for CSRF token\nvalidation of the 'Ruby rack protection' framework.\"\n );\n # https://security-tracker.debian.org/tracker/source-package/ruby-rack-protection\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?750d01ef\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/ruby-rack-protection\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2018/dsa-4247\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the ruby-rack-protection packages.\n\nFor the stable distribution (stretch), this problem has been fixed in\nversion 1.5.3-2+deb9u1.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-rack-protection\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2018/07/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", 
value:\"2018/07/17\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2018 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"ruby-rack-protection\", reference:\"1.5.3-2+deb9u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-23T01:56:03", "description": "The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2020:2480 advisory.\n\n - rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-06-10T00:00:00", "type": "nessus", "title": "RHEL 8 : CloudForms 5.0.6 (RHSA-2020:2480)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16782"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:ansible-runner", "p-cpe:/a:redhat:enterprise_linux:cfme", 
"p-cpe:/a:redhat:enterprise_linux:cfme-amazon-smartstate", "p-cpe:/a:redhat:enterprise_linux:cfme-appliance", "p-cpe:/a:redhat:enterprise_linux:cfme-appliance-common", "p-cpe:/a:redhat:enterprise_linux:cfme-appliance-tools", "p-cpe:/a:redhat:enterprise_linux:cfme-gemset", "p-cpe:/a:redhat:enterprise_linux:libssh2", "p-cpe:/a:redhat:enterprise_linux:python3-ansible-runner"], "id": "REDHAT-RHSA-2020-2480.NASL", "href": "https://www.tenable.com/plugins/nessus/137312", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2480. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137312);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2019-16782\");\n script_xref(name:\"RHSA\", value:\"2020:2480\");\n\n script_name(english:\"RHEL 8 : CloudForms 5.0.6 (RHSA-2020:2480)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in\nthe RHSA-2020:2480 advisory.\n\n - rubygem-rack: hijack sessions by using timing attacks targeting the session id (CVE-2019-16782)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-16782\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2480\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://bugzilla.redhat.com/1789100\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-16782\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/18\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/10\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/10\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:ansible-runner\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cfme\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cfme-amazon-smartstate\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cfme-appliance\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cfme-appliance-common\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cfme-appliance-tools\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:cfme-gemset\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:libssh2\");\n script_set_attribute(attribute:\"cpe\", 
value:\"p-cpe:/a:redhat:enterprise_linux:python3-ansible-runner\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'cloudforms_managementengine_5_11_el8': [\n 'cfme-5.11-for-rhel-8-x86_64-debug-rpms',\n 'cfme-5.11-for-rhel-8-x86_64-rpms',\n 'cfme-5.11-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'ansible-runner-1.4.6-1.el8ar', 'release':'8', 
'el_string':'el8ar', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.11', 'repo_list':['cloudforms_managementengine_5_11_el8']},\n {'reference':'cfme-5.11.6.0-1.el8cf', 'cpu':'x86_64', 'release':'8', 'el_string':'el8cf', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.11', 'repo_list':['cloudforms_managementengine_5_11_el8']},\n {'reference':'cfme-amazon-smartstate-5.11.6.0-1.el8cf', 'cpu':'x86_64', 'release':'8', 'el_string':'el8cf', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.11', 'repo_list':['cloudforms_managementengine_5_11_el8']},\n {'reference':'cfme-appliance-5.11.6.0-1.el8cf', 'cpu':'x86_64', 'release':'8', 'el_string':'el8cf', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.11', 'repo_list':['cloudforms_managementengine_5_11_el8']},\n {'reference':'cfme-appliance-common-5.11.6.0-1.el8cf', 'cpu':'x86_64', 'release':'8', 'el_string':'el8cf', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.11', 'repo_list':['cloudforms_managementengine_5_11_el8']},\n {'reference':'cfme-appliance-tools-5.11.6.0-1.el8cf', 'cpu':'x86_64', 'release':'8', 'el_string':'el8cf', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.11', 'repo_list':['cloudforms_managementengine_5_11_el8']},\n {'reference':'cfme-gemset-5.11.6.0-1.el8cf', 'cpu':'x86_64', 'release':'8', 'el_string':'el8cf', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.11', 'repo_list':['cloudforms_managementengine_5_11_el8']},\n {'reference':'libssh2-1.9.0-2.el8cf', 'cpu':'x86_64', 'release':'8', 'el_string':'el8cf', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.11', 'repo_list':['cloudforms_managementengine_5_11_el8']},\n {'reference':'python3-ansible-runner-1.4.6-1.el8ar', 'release':'8', 'el_string':'el8ar', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'cfme-5.11', 'repo_list':['cloudforms_managementengine_5_11_el8']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n 
var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ansible-runner / cfme / cfme-amazon-smartstate / cfme-appliance / etc');\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-23T02:04:51", "description": "National Vulnerability Database :\n\nThere's a possible 
information leak / session hijack vulnerability in Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12 and 2.0.8. Attackers may be able to find and hijack sessions by using timing attacks targeting the session id. Session ids are usually stored and indexed in a database that uses some kind of scheme for speeding up lookups of that session id. By carefully measuring the amount of time it takes to look up a session, an attacker may be able to find a valid session id and hijack the session. The session id itself may be generated randomly, but the way the session is indexed by the backing store does not use a secure comparison.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2019-12-30T00:00:00", "type": "nessus", "title": "FreeBSD : rack -- information leak / session hijack vulnerability (66e4dc99-28b3-11ea-8dde-08002728f74c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16782"], "modified": "2020-01-02T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:rubygem-rack", "p-cpe:/a:freebsd:freebsd:rubygem-rack16", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_66E4DC9928B311EA8DDE08002728F74C.NASL", "href": "https://www.tenable.com/plugins/nessus/132428", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(132428);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/02\");\n\n script_cve_id(\"CVE-2019-16782\");\n\n script_name(english:\"FreeBSD : rack -- information leak / session hijack vulnerability (66e4dc99-28b3-11ea-8dde-08002728f74c)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"National Vulnerability Database :\n\nThere's a possible information leak / session hijack vulnerability in\nRack (RubyGem rack). This vulnerability is patched in versions 1.6.12\nand 2.0.8. 
Attackers may be able to find and hijack sessions by using\ntiming attacks targeting the session id. Session ids are usually\nstored and indexed in a database that uses some kind of scheme for\nspeeding up lookups of that session id. By carefully measuring the\namount of time it takes to look up a session, an attacker may be able\nto find a valid session id and hijack the session. The session id\nitself may be generated randomly, but the way the session is indexed\nby the backing store does not use a secure comparison.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/rack/rack/blob/master/CHANGELOG.md\"\n );\n # https://vuxml.freebsd.org/freebsd/66e4dc99-28b3-11ea-8dde-08002728f74c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?86f3675e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-rack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-rack16\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/08\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/12/29\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-rack>=2.0.0<2.0.8,3\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-rack16>=1.6.0<1.6.12\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-12-23T02:03:37", "description": "Update to Rack 2.0.8.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 5.9, "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-01-21T00:00:00", "type": "nessus", "title": "Fedora 31 : 1:rubygem-rack (2020-57fc0d0156)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16782"], "modified": "2020-01-23T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:1:rubygem-rack", "cpe:/o:fedoraproject:fedora:31"], "id": "FEDORA_2020-57FC0D0156.NASL", "href": "https://www.tenable.com/plugins/nessus/133114", "sourceData": "#\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory FEDORA-2020-57fc0d0156.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(133114);\n script_version(\"1.2\");\n script_cvs_date(\"Date: 2020/01/23\");\n\n script_cve_id(\"CVE-2019-16782\");\n script_xref(name:\"FEDORA\", value:\"2020-57fc0d0156\");\n\n script_name(english:\"Fedora 31 : 1:rubygem-rack (2020-57fc0d0156)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to Rack 2.0.8.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-57fc0d0156\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected 1:rubygem-rack package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:1:rubygem-rack\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:31\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/12/18\");\n 
script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/01/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/01/21\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^31([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 31\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC31\", reference:\"rubygem-rack-2.0.8-1.fc31\", epoch:\"1\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"1:rubygem-rack\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2021-08-19T12:12:49", "description": "A potential Cross-Site Scripting (XSS) vulnerability was found in rails, a ruby based MVC framework. Views that allow the user to control the default (not found) value of the `t` and `translate` helpers could be susceptible to XSS attacks. When an HTML-unsafe string is passed as the default for a missing translation key named html or ending in _html, the default string is incorrectly marked as HTML-safe and not escaped.\n\nFor Debian 9 stretch, this problem has been fixed in version 2:4.2.7.1-1+deb9u4.\n\nWe recommend that you upgrade your rails packages.\n\nFor the detailed security status of rails please refer to its security tracker page at: https://security-tracker.debian.org/tracker/rails\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2020-10-12T00:00:00", "type": "nessus", "title": "Debian DLA-2403-1 : rails security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15169"], "modified": "2020-10-15T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:rails", "p-cpe:/a:debian:debian_linux:ruby-actionmailer", "p-cpe:/a:debian:debian_linux:ruby-actionpack", "p-cpe:/a:debian:debian_linux:ruby-actionview", "p-cpe:/a:debian:debian_linux:ruby-activejob", "p-cpe:/a:debian:debian_linux:ruby-activemodel", "p-cpe:/a:debian:debian_linux:ruby-activerecord", "p-cpe:/a:debian:debian_linux:ruby-activesupport", "p-cpe:/a:debian:debian_linux:ruby-rails", "p-cpe:/a:debian:debian_linux:ruby-railties", "cpe:/o:debian:debian_linux:9.0"], "id": "DEBIAN_DLA-2403.NASL", "href": "https://www.tenable.com/plugins/nessus/141379", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-2403-1. The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141379);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/15\");\n\n script_cve_id(\"CVE-2020-15169\");\n\n script_name(english:\"Debian DLA-2403-1 : rails security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"A potential Cross-Site Scripting (XSS) vulnerability was found in\nrails, a ruby based MVC framework. 
Views that allow the user to\ncontrol the default (not found) value of the `t` and `translate`\nhelpers could be susceptible to XSS attacks. When an HTML-unsafe\nstring is passed as the default for a missing translation key named\nhtml or ending in _html, the default string is incorrectly marked as\nHTML-safe and not escaped.\n\nFor Debian 9 stretch, this problem has been fixed in version\n2:4.2.7.1-1+deb9u4.\n\nWe recommend that you upgrade your rails packages.\n\nFor the detailed security status of rails please refer to its security\ntracker page at: https://security-tracker.debian.org/tracker/rails\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2020/10/msg00015.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/stretch/rails\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security-tracker.debian.org/tracker/source-package/rails\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Upgrade the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionmailer\");\n 
script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionpack\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-actionview\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activejob\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activemodel\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activerecord\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-activesupport\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-rails\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:ruby-railties\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:9.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/11\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/12\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"9.0\", prefix:\"rails\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-actionmailer\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-actionpack\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-actionview\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-activejob\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-activemodel\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-activerecord\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-activesupport\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-rails\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\nif (deb_check(release:\"9.0\", prefix:\"ruby-railties\", reference:\"2:4.2.7.1-1+deb9u4\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:12:34", "description": "Ruby on Rails blog :\n\nRails 5.2.4.4 and 6.0.3.3 have been released! 
These releases contain an important security fix, so please upgrade when you can.\n\nBoth releases contain the following fix: [CVE-2020-15169] Potential XSS vulnerability in Action View", "cvss3": {"score": 6.1, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N"}, "published": "2020-09-14T00:00:00", "type": "nessus", "title": "FreeBSD : Rails -- Potential XSS vulnerability (7b630362-f468-11ea-a96c-08002728f74c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-15169"], "modified": "2020-09-21T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:rubygem-actionview52", "p-cpe:/a:freebsd:freebsd:rubygem-actionview60", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_7B630362F46811EAA96C08002728F74C.NASL", "href": "https://www.tenable.com/plugins/nessus/140558", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. 
Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(140558);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/21\");\n\n script_cve_id(\"CVE-2020-15169\");\n\n script_name(english:\"FreeBSD : Rails -- Potential XSS vulnerability (7b630362-f468-11ea-a96c-08002728f74c)\");\n script_summary(english:\"Checks for updated packages in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote FreeBSD host is missing one or more security-related\nupdates.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Ruby on Rails blog :\n\nRails 5.2.4.4 and 6.0.3.3 have been released! 
These releases contain\nan important security fix, so please upgrade when you can.\n\nBoth releases contain the following fix: [CVE-2020-15169] Potential\nXSS vulnerability in Action View\"\n );\n # https://weblog.rubyonrails.org/2020/9/10/Rails-5-2-4-4-and-6-0-3-3-have-been-released/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?378db660\"\n );\n # https://groups.google.com/forum/#!topic/rubyonrails-security/b-C9kSGXYrc\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?8e6b7941\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/rails/rails/blob/5-2-stable/actionview/CHANGELOG.md\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/rails/rails/blob/6-0-stable/actionview/CHANGELOG.md\"\n );\n # https://vuxml.freebsd.org/freebsd/7b630362-f468-11ea-a96c-08002728f74c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?de9872c7\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionview52\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionview60\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/09/09\");\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2020/09/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/14\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionview52<5.2.4.4\")) flag++;\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionview60<6.0.3.3\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2021-08-19T12:14:34", "description": "Ruby on Rails blog :\n\nRails 6.0.3.2 has been released! This version of Rails contains an important security patch, and you should upgrade! 
The release contains only one patch that addresses CVE-2020-8185.", "cvss3": {"score": 6.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-06-23T00:00:00", "type": "nessus", "title": "FreeBSD : Rails -- permission vulnerability (feb8afdc-b3e5-11ea-9df5-08002728f74c)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8185"], "modified": "2020-07-10T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:rubygem-actionpack60", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_FEB8AFDCB3E511EA9DF508002728F74C.NASL", "href": "https://www.tenable.com/plugins/nessus/137738", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2020 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(137738);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/07/10\");\n\n script_cve_id(\"CVE-2020-8185\");\n\n script_name(english:\"FreeBSD : Rails -- permission vulnerability (feb8afdc-b3e5-11ea-9df5-08002728f74c)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Ruby on Rails blog :\n\nRails 6.0.3.2 has been released! This version of Rails contains an\nimportant security patch, and you should upgrade! 
The release contains\nonly one patch that addresses CVE-2020-8185.\"\n );\n # https://weblog.rubyonrails.org/2020/6/17/Rails-6-0-3-2-has-been-released/\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?26ba3bcb\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/rails/rails/blob/6-0-stable/actionpack/CHANGELOG.md\"\n );\n # https://groups.google.com/forum/#!topic/rubyonrails-security/pAe9EV8gbM0\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?a8a8b3fd\"\n );\n # https://vuxml.freebsd.org/freebsd/feb8afdc-b3e5-11ea-9df5-08002728f74c.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?c6e3119e\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-8185\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-actionpack60\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/17\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/23\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 
and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-actionpack60<6.0.3.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:pkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 4, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-07-09T16:30:11", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2635 advisory.\n\n - python-psutil: double free because of refcount mishandling (CVE-2019-18874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-06-24T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 4.3.26 python-psutil (RHSA-2020:2635)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18874"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:python2-psutil"], "id": "REDHAT-RHSA-2020-2635.NASL", "href": "https://www.tenable.com/plugins/nessus/137756", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this 
plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2635. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137756);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2019-18874\");\n script_xref(name:\"RHSA\", value:\"2020:2635\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 4.3.26 python-psutil (RHSA-2020:2635)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2020:2635 advisory.\n\n - python-psutil: double free because of refcount mishandling (CVE-2019-18874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2635\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1772014\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python2-psutil package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18874\");\n\n script_set_attribute(attribute:\"exploitability_ease\", 
value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/23\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/24\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-psutil\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ 
\"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'openshift_4_3_el7': [\n 'rhel-7-for-system-z-ose-4.3-debug-rpms',\n 'rhel-7-for-system-z-ose-4.3-rpms',\n 'rhel-7-for-system-z-ose-4.3-source-rpms',\n 'rhel-7-server-ose-4.3-debug-rpms',\n 'rhel-7-server-ose-4.3-rpms',\n 'rhel-7-server-ose-4.3-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'python2-psutil-5.6.6-1.el7ar', 'cpu':'s390x', 'release':'7', 'el_string':'el7ar', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_4_3_el7']},\n {'reference':'python2-psutil-5.6.6-1.el7ar', 'cpu':'x86_64', 'release':'7', 'el_string':'el7ar', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_4_3_el7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if 
(!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python2-psutil');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-09T16:28:21", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2593 advisory.\n\n - python-psutil: double free because of refcount mishandling (CVE-2019-18874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-07-01T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 4.2.36 python-psutil (RHSA-2020:2593)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18874"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:python2-psutil"], "id": "REDHAT-RHSA-2020-2593.NASL", "href": "https://www.tenable.com/plugins/nessus/138029", "sourceData": "##\n# (C) 
Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2593. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(138029);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2019-18874\");\n script_xref(name:\"RHSA\", value:\"2020:2593\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 4.2.36 python-psutil (RHSA-2020:2593)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2020:2593 advisory.\n\n - python-psutil: double free because of refcount mishandling (CVE-2019-18874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2593\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1772014\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python2-psutil package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", 
value:\"CVE-2019-18874\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/07/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/07/01\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-psutil\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = 
get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'openshift_4_2_el7': [\n 'rhel-7-server-ose-4.2-debug-rpms',\n 'rhel-7-server-ose-4.2-rpms',\n 'rhel-7-server-ose-4.2-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'python2-psutil-5.6.6-1.el7ar', 'cpu':'x86_64', 'release':'7', 'el_string':'el7ar', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_4_2_el7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n 
(rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python2-psutil');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-09T16:26:34", "description": "The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:2583 advisory.\n\n - python-psutil: double free because of refcount mishandling (CVE-2019-18874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-06-23T00:00:00", "type": "nessus", "title": "RHEL 7 : OpenShift Container Platform 4.4.9 python-psutil (RHSA-2020:2583)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18874"], "modified": "2021-10-12T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:python2-psutil"], "id": "REDHAT-RHSA-2020-2583.NASL", "href": "https://www.tenable.com/plugins/nessus/137726", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2020:2583. 
The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(137726);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/12\");\n\n script_cve_id(\"CVE-2019-18874\");\n script_xref(name:\"RHSA\", value:\"2020:2583\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 4.4.9 python-psutil (RHSA-2020:2583)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2020:2583 advisory.\n\n - python-psutil: double free because of refcount mishandling (CVE-2019-18874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2020:2583\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1772014\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python2-psutil package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18874\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n 
script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/06/22\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/06/23\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-psutil\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2020-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< 
cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'openshift_4_4_el7': [\n 'rhel-7-for-system-z-ose-4.4-debug-rpms',\n 'rhel-7-for-system-z-ose-4.4-rpms',\n 'rhel-7-for-system-z-ose-4.4-source-rpms',\n 'rhel-7-server-ose-4.4-debug-rpms',\n 'rhel-7-server-ose-4.4-rpms',\n 'rhel-7-server-ose-4.4-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'python2-psutil-5.6.6-1.el7ar', 'cpu':'s390x', 'release':'7', 'el_string':'el7ar', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_4_4_el7']},\n {'reference':'python2-psutil-5.6.6-1.el7ar', 'cpu':'x86_64', 'release':'7', 'el_string':'el7ar', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_4_4_el7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = 
package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python2-psutil');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-09T16:14:16", "description": "Update to 5.6.7 to fix CVE-2019-18874\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2020-02-26T00:00:00", "type": "nessus", "title": "Fedora 30 : python-psutil (2020-a06ebafad8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18874"], "modified": "2020-03-02T00:00:00", "cpe": ["p-cpe:/a:fedoraproject:fedora:python-psutil", "cpe:/o:fedoraproject:fedora:30"], "id": "FEDORA_2020-A06EBAFAD8.NASL", "href": "https://www.tenable.com/plugins/nessus/134056", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Fedora Security Advisory 
FEDORA-2020-a06ebafad8.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(134056);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/03/02\");\n\n script_cve_id(\"CVE-2019-18874\");\n script_xref(name:\"FEDORA\", value:\"2020-a06ebafad8\");\n\n script_name(english:\"Fedora 30 : python-psutil (2020-a06ebafad8)\");\n script_summary(english:\"Checks rpm output for the updated package.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Fedora host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Update to 5.6.7 to fix CVE-2019-18874\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Fedora update system website.\nTenable has attempted to automatically clean and format it as much as\npossible without introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bodhi.fedoraproject.org/updates/FEDORA-2020-a06ebafad8\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Update the affected python-psutil package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:fedoraproject:fedora:python-psutil\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:fedoraproject:fedora:30\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/02/25\");\n 
script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/02/26\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Fedora Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || \"Fedora\" >!< release) audit(AUDIT_OS_NOT, \"Fedora\");\nos_ver = pregmatch(pattern: \"Fedora.*release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, \"Fedora\");\nos_ver = os_ver[1];\nif (! 
preg(pattern:\"^30([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, \"Fedora 30\", \"Fedora \" + os_ver);\n\nif (!get_kb_item(\"Host/RedHat/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Fedora\", cpu);\n\n\nflag = 0;\nif (rpm_check(release:\"FC30\", reference:\"python-psutil-5.6.7-1.fc30\")) flag++;\n\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-psutil\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-09T16:48:16", "description": "Riccardo Schirone discovered that psutil incorrectly handled certain reference counting operations. An attacker could use this issue to cause psutil to crash, resulting in a denial of service, or possibly execute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. 
Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-12-03T00:00:00", "type": "nessus", "title": "Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : psutil vulnerability (USN-4204-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18874"], "modified": "2020-09-17T00:00:00", "cpe": ["p-cpe:/a:canonical:ubuntu_linux:python-psutil", "p-cpe:/a:canonical:ubuntu_linux:python3-psutil", "cpe:/o:canonical:ubuntu_linux:16.04", "cpe:/o:canonical:ubuntu_linux:18.04:-:lts", "cpe:/o:canonical:ubuntu_linux:19.04", "cpe:/o:canonical:ubuntu_linux:19.10"], "id": "UBUNTU_USN-4204-1.NASL", "href": "https://www.tenable.com/plugins/nessus/131560", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Ubuntu Security Notice USN-4204-1. The text \n# itself is copyright (C) Canonical, Inc. See \n# <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered \n# trademark of Canonical, Inc.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(131560);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/09/17\");\n\n script_cve_id(\"CVE-2019-18874\");\n script_xref(name:\"USN\", value:\"4204-1\");\n\n script_name(english:\"Ubuntu 16.04 LTS / 18.04 LTS / 19.04 / 19.10 : psutil vulnerability (USN-4204-1)\");\n script_summary(english:\"Checks dpkg output for updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote Ubuntu host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"Riccardo Schirone discovered that psutil incorrectly handled certain\nreference counting operations. 
An attacker could use this issue to\ncause psutil to crash, resulting in a denial of service, or possibly\nexecute arbitrary code.\n\nNote that Tenable Network Security has extracted the preceding\ndescription block directly from the Ubuntu security advisory. Tenable\nhas attempted to automatically clean and format it as much as possible\nwithout introducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://usn.ubuntu.com/4204-1/\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected python-psutil and / or python3-psutil packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python-psutil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:canonical:ubuntu_linux:python3-psutil\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:16.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:18.04:-:lts\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.04\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:canonical:ubuntu_linux:19.10\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/28\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/12/03\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n 
script_category(ACT_GATHER_INFO);\n script_copyright(english:\"Ubuntu Security Notice (C) 2019-2020 Canonical, Inc. / NASL script (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Ubuntu Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/cpu\", \"Host/Ubuntu\", \"Host/Ubuntu/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"ubuntu.inc\");\ninclude(\"misc_func.inc\");\n\nif ( ! get_kb_item(\"Host/local_checks_enabled\") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/Ubuntu/release\");\nif ( isnull(release) ) audit(AUDIT_OS_NOT, \"Ubuntu\");\nrelease = chomp(release);\nif (! preg(pattern:\"^(16\\.04|18\\.04|19\\.04|19\\.10)$\", string:release)) audit(AUDIT_OS_NOT, \"Ubuntu 16.04 / 18.04 / 19.04 / 19.10\", \"Ubuntu \" + release);\nif ( ! get_kb_item(\"Host/Debian/dpkg-l\") ) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item(\"Host/cpu\");\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif (\"x86_64\" >!< cpu && cpu !~ \"^i[3-6]86$\") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, \"Ubuntu\", cpu);\n\nflag = 0;\n\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python-psutil\", pkgver:\"3.4.2-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"16.04\", pkgname:\"python3-psutil\", pkgver:\"3.4.2-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"python-psutil\", pkgver:\"5.4.2-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"18.04\", pkgname:\"python3-psutil\", pkgver:\"5.4.2-1ubuntu0.1\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"python-psutil\", pkgver:\"5.5.1-1ubuntu0.19.04.1\")) flag++;\nif (ubuntu_check(osver:\"19.04\", pkgname:\"python3-psutil\", pkgver:\"5.5.1-1ubuntu0.19.04.1\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"python-psutil\", pkgver:\"5.5.1-1ubuntu0.19.10.1\")) flag++;\nif (ubuntu_check(osver:\"19.10\", pkgname:\"python3-psutil\", 
pkgver:\"5.5.1-1ubuntu0.19.10.1\")) flag++;\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : ubuntu_report_get()\n );\n exit(0);\n}\nelse\n{\n tested = ubuntu_pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"python-psutil / python3-psutil\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-09T16:44:06", "description": "It was discovered that there were multiple double free vulnerabilities in python-psutil, a Python module providing convenience functions for accessing system process data.\n\nThis was caused by incorrect reference counting handling within for/while loops that convert system data into said Python objects.\n\nFor Debian 8 'Jessie', this issue has been fixed in python-psutil version 2.1.1-1+deb8u1.\n\nWe recommend that you upgrade your python-psutil packages.\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2019-11-20T00:00:00", "type": "nessus", "title": "Debian DLA-1998-1 : python-psutil security update", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18874"], "modified": "2021-01-11T00:00:00", "cpe": ["p-cpe:/a:debian:debian_linux:python-psutil", "p-cpe:/a:debian:debian_linux:python3-psutil", "cpe:/o:debian:debian_linux:8.0"], "id": "DEBIAN_DLA-1998.NASL", "href": "https://www.tenable.com/plugins/nessus/131137", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Debian Security Advisory DLA-1998-1. 
The text\n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(131137);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/11\");\n\n script_cve_id(\"CVE-2019-18874\");\n\n script_name(english:\"Debian DLA-1998-1 : python-psutil security update\");\n script_summary(english:\"Checks dpkg output for the updated packages.\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"It was discovered that there were multiple double free vulnerabilities\nin python-psutil, a Python module providing convenience functions for\naccessing system process data.\n\nThis was caused by incorrect reference counting handling within\nfor/while loops that convert system data into said Python objects.\n\nFor Debian 8 'Jessie', this issue has been fixed in python-psutil\nversion 2.1.1-1+deb8u1.\n\nWe recommend that you upgrade your python-psutil packages.\n\nNOTE: Tenable Network Security has extracted the preceding description\nblock directly from the DLA security advisory. 
Tenable has attempted\nto automatically clean and format it as much as possible without\nintroducing additional issues.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://lists.debian.org/debian-lts-announce/2019/11/msg00018.html\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://packages.debian.org/source/jessie/python-psutil\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\"Upgrade the affected python-psutil, and python3-psutil packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python-psutil\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:python3-psutil\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:8.0\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2019/11/18\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2019/11/20\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2019-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"8.0\", prefix:\"python-psutil\", reference:\"2.1.1-1+deb8u1\")) flag++;\nif (deb_check(release:\"8.0\", prefix:\"python3-psutil\", reference:\"2.1.1-1+deb8u1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());\n else security_warning(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-09T15:57:27", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2021:4324 advisory.\n\n - python-psutil: Double free because of refcount mishandling (CVE-2019-18874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "RHEL 8 : python-psutil (RHSA-2021:4324)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18874"], "modified": "2021-11-11T00:00:00", "cpe": ["cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:python3-psutil"], "id": "REDHAT-RHSA-2021-4324.NASL", "href": "https://www.tenable.com/plugins/nessus/155111", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, 
Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:4324. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155111);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/11\");\n\n script_cve_id(\"CVE-2019-18874\");\n script_xref(name:\"RHSA\", value:\"2021:4324\");\n\n script_name(english:\"RHEL 8 : python-psutil (RHSA-2021:4324)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in\nthe RHSA-2021:4324 advisory.\n\n - python-psutil: Double free because of refcount mishandling (CVE-2019-18874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/416.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2019-18874\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:4324\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1772014\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python3-psutil package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18874\");\n\n 
script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(416);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python3-psutil\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) 
audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'enterprise_linux_8_appstream': [\n 'rhel-8-for-aarch64-appstream-debug-rpms',\n 'rhel-8-for-aarch64-appstream-rpms',\n 'rhel-8-for-aarch64-appstream-source-rpms',\n 'rhel-8-for-s390x-appstream-debug-rpms',\n 'rhel-8-for-s390x-appstream-rpms',\n 'rhel-8-for-s390x-appstream-source-rpms',\n 'rhel-8-for-x86_64-appstream-debug-rpms',\n 'rhel-8-for-x86_64-appstream-rpms',\n 'rhel-8-for-x86_64-appstream-source-rpms'\n ],\n 'enterprise_linux_8_baseos': [\n 'rhel-8-for-aarch64-baseos-debug-rpms',\n 'rhel-8-for-aarch64-baseos-rpms',\n 'rhel-8-for-aarch64-baseos-source-rpms',\n 'rhel-8-for-s390x-baseos-debug-rpms',\n 'rhel-8-for-s390x-baseos-rpms',\n 'rhel-8-for-s390x-baseos-source-rpms',\n 'rhel-8-for-x86_64-baseos-debug-rpms',\n 'rhel-8-for-x86_64-baseos-rpms',\n 'rhel-8-for-x86_64-baseos-source-rpms'\n ],\n 'enterprise_linux_8_crb': [\n 'codeready-builder-for-rhel-8-aarch64-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-rpms',\n 'codeready-builder-for-rhel-8-aarch64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-aarch64-rpms',\n 'codeready-builder-for-rhel-8-aarch64-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-rpms',\n 'codeready-builder-for-rhel-8-s390x-eus-source-rpms',\n 'codeready-builder-for-rhel-8-s390x-rpms',\n 'codeready-builder-for-rhel-8-s390x-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-debug-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-rpms',\n 'codeready-builder-for-rhel-8-x86_64-eus-source-rpms',\n 'codeready-builder-for-rhel-8-x86_64-rpms',\n 'codeready-builder-for-rhel-8-x86_64-source-rpms'\n ],\n 
'enterprise_linux_8_highavailability': [\n 'rhel-8-for-aarch64-highavailability-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-debug-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-rpms',\n 'rhel-8-for-aarch64-highavailability-eus-source-rpms',\n 'rhel-8-for-aarch64-highavailability-rpms',\n 'rhel-8-for-aarch64-highavailability-source-rpms',\n 'rhel-8-for-s390x-highavailability-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-debug-rpms',\n 'rhel-8-for-s390x-highavailability-eus-rpms',\n 'rhel-8-for-s390x-highavailability-eus-source-rpms',\n 'rhel-8-for-s390x-highavailability-rpms',\n 'rhel-8-for-s390x-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-rpms',\n 'rhel-8-for-x86_64-highavailability-e4s-source-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-rpms',\n 'rhel-8-for-x86_64-highavailability-eus-source-rpms',\n 'rhel-8-for-x86_64-highavailability-rpms',\n 'rhel-8-for-x86_64-highavailability-source-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-debug-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-rpms',\n 'rhel-8-for-x86_64-highavailability-tus-source-rpms'\n ],\n 'enterprise_linux_8_nfv': [\n 'rhel-8-for-x86_64-nfv-debug-rpms',\n 'rhel-8-for-x86_64-nfv-rpms',\n 'rhel-8-for-x86_64-nfv-source-rpms',\n 'rhel-8-for-x86_64-nfv-tus-debug-rpms',\n 'rhel-8-for-x86_64-nfv-tus-rpms',\n 'rhel-8-for-x86_64-nfv-tus-source-rpms'\n ],\n 'enterprise_linux_8_realtime': [\n 'rhel-8-for-x86_64-rt-debug-rpms',\n 'rhel-8-for-x86_64-rt-rpms',\n 'rhel-8-for-x86_64-rt-source-rpms',\n 'rhel-8-for-x86_64-rt-tus-debug-rpms',\n 'rhel-8-for-x86_64-rt-tus-rpms',\n 'rhel-8-for-x86_64-rt-tus-source-rpms'\n ],\n 'enterprise_linux_8_resilientstorage': [\n 'rhel-8-for-s390x-resilientstorage-debug-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-debug-rpms',\n 
'rhel-8-for-s390x-resilientstorage-eus-rpms',\n 'rhel-8-for-s390x-resilientstorage-eus-source-rpms',\n 'rhel-8-for-s390x-resilientstorage-rpms',\n 'rhel-8-for-s390x-resilientstorage-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-debug-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-rpms',\n 'rhel-8-for-x86_64-resilientstorage-eus-source-rpms',\n 'rhel-8-for-x86_64-resilientstorage-rpms',\n 'rhel-8-for-x86_64-resilientstorage-source-rpms'\n ],\n 'enterprise_linux_8_sap': [\n 'rhel-8-for-s390x-sap-netweaver-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-rpms',\n 'rhel-8-for-s390x-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-s390x-sap-netweaver-rpms',\n 'rhel-8-for-s390x-sap-netweaver-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-rpms',\n 'rhel-8-for-x86_64-sap-netweaver-source-rpms'\n ],\n 'enterprise_linux_8_sap_hana': [\n 'rhel-8-for-x86_64-sap-solutions-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-rpms',\n 'rhel-8-for-x86_64-sap-solutions-e4s-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-debug-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-rpms',\n 'rhel-8-for-x86_64-sap-solutions-eus-source-rpms',\n 'rhel-8-for-x86_64-sap-solutions-rpms',\n 'rhel-8-for-x86_64-sap-solutions-source-rpms'\n ],\n 'enterprise_linux_8_supplementary': [\n 'rhel-8-for-aarch64-supplementary-eus-rpms',\n 'rhel-8-for-aarch64-supplementary-eus-source-rpms',\n 'rhel-8-for-aarch64-supplementary-rpms',\n 'rhel-8-for-aarch64-supplementary-source-rpms',\n 
'rhel-8-for-s390x-supplementary-eus-rpms',\n 'rhel-8-for-s390x-supplementary-eus-source-rpms',\n 'rhel-8-for-s390x-supplementary-rpms',\n 'rhel-8-for-s390x-supplementary-source-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-rpms',\n 'rhel-8-for-x86_64-supplementary-eus-source-rpms',\n 'rhel-8-for-x86_64-supplementary-rpms',\n 'rhel-8-for-x86_64-supplementary-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'python3-psutil-5.4.3-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'python3-psutil-5.4.3-11.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']},\n {'reference':'python3-psutil-5.4.3-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['enterprise_linux_8_appstream', 'enterprise_linux_8_baseos', 'enterprise_linux_8_crb', 'enterprise_linux_8_highavailability', 'enterprise_linux_8_nfv', 'enterprise_linux_8_realtime', 'enterprise_linux_8_resilientstorage', 'enterprise_linux_8_sap', 'enterprise_linux_8_sap_hana', 'enterprise_linux_8_supplementary']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = 
NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-psutil');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-09T15:59:51", "description": "The remote CentOS Linux 8 host 
has a package installed that is affected by a vulnerability as referenced in the CESA-2021:4324 advisory.\n\n - python-psutil: Double free because of refcount mishandling (CVE-2019-18874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-11-11T00:00:00", "type": "nessus", "title": "CentOS 8 : python-psutil (CESA-2021:4324)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18874"], "modified": "2021-11-11T00:00:00", "cpe": ["cpe:/o:centos:centos:8-stream", "p-cpe:/a:centos:centos:python3-psutil"], "id": "CENTOS8_RHSA-2021-4324.NASL", "href": "https://www.tenable.com/plugins/nessus/155046", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# Red Hat Security Advisory RHSA-2021:4324. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155046);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/11\");\n\n script_cve_id(\"CVE-2019-18874\");\n script_xref(name:\"RHSA\", value:\"2021:4324\");\n\n script_name(english:\"CentOS 8 : python-psutil (CESA-2021:4324)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote CentOS host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote CentOS Linux 8 host has a package installed that is affected by a vulnerability as referenced in the\nCESA-2021:4324 advisory.\n\n - python-psutil: Double free because of refcount mishandling (CVE-2019-18874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", 
value:\"https://access.redhat.com/errata/RHSA-2021:4324\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python3-psutil package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18874\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/11\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:centos:centos:8-stream\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:centos:centos:python3-psutil\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"CentOS Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/CentOS/release\", \"Host/CentOS/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/CentOS/release');\nif (isnull(release) || 'CentOS' >!< release) audit(AUDIT_OS_NOT, 'CentOS');\nvar os_ver = pregmatch(pattern: \"CentOS(?: Stream)?(?: Linux)? release ([0-9]+)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'CentOS');\nvar os_ver = os_ver[1];\nif ('CentOS Stream' >!< release) audit(AUDIT_OS_NOT, 'CentOS 8-Stream');\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'CentOS 8.x', 'CentOS ' + os_ver);\n\nif (!get_kb_item('Host/CentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'CentOS', cpu);\n\nvar pkgs = [\n {'reference':'python3-psutil-5.4.3-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-psutil-5.4.3-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'CentOS-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if 
(!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-psutil');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-09T15:56:34", "description": "The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the ELSA-2021-4324 advisory.\n\n - psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. 
(CVE-2019-18874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2021-11-17T00:00:00", "type": "nessus", "title": "Oracle Linux 8 : python-psutil (ELSA-2021-4324)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18874"], "modified": "2021-11-17T00:00:00", "cpe": ["cpe:/o:oracle:linux:8", "p-cpe:/a:oracle:linux:python3-psutil"], "id": "ORACLELINUX_ELSA-2021-4324.NASL", "href": "https://www.tenable.com/plugins/nessus/155410", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Oracle Linux Security Advisory ELSA-2021-4324.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(155410);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/11/17\");\n\n script_cve_id(\"CVE-2019-18874\");\n\n script_name(english:\"Oracle Linux 8 : python-psutil (ELSA-2021-4324)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Oracle Linux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Oracle Linux 8 host has a package installed that is affected by a vulnerability as referenced in the\nELSA-2021-4324 advisory.\n\n - psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount\n mishandling within a while or for loop that converts system data into a Python object. 
(CVE-2019-18874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://linux.oracle.com/errata/ELSA-2021-4324.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python3-psutil package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18874\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/11/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:oracle:linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:oracle:linux:python3-psutil\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Oracle Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/OracleLinux\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/local_checks_enabled\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item('Host/OracleLinux')) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar release = get_kb_item(\"Host/RedHat/release\");\nif (isnull(release) || !pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux)\", string:release)) audit(AUDIT_OS_NOT, 'Oracle Linux');\nvar os_ver = pregmatch(pattern: \"Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Oracle Linux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'Oracle Linux 8', 'Oracle Linux ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Oracle Linux', cpu);\n\nvar pkgs = [\n {'reference':'python3-psutil-5.4.3-11.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},\n {'reference':'python3-psutil-5.4.3-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'EL' + package_array['release'];\n if 
(!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release) {\n if (exists_check) {\n if (rpm_exists(release:release, rpm:exists_check) && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n } else {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-psutil');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2022-07-09T15:42:23", "description": "The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the ALSA-2021:4324 advisory.\n\n - psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object. 
(CVE-2019-18874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}, "published": "2022-02-09T00:00:00", "type": "nessus", "title": "AlmaLinux 8 : python-psutil (ALSA-2021:4324)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18874"], "modified": "2022-02-14T00:00:00", "cpe": ["p-cpe:/a:alma:linux:python3-psutil", "cpe:/o:alma:linux:8"], "id": "ALMA_LINUX_ALSA-2021-4324.NASL", "href": "https://www.tenable.com/plugins/nessus/157579", "sourceData": "#%NASL_MIN_LEVEL 70300\n##\n# (C) Tenable Network Security, Inc.\n#\n# The package checks in this plugin were extracted from\n# AlmaLinux Security Advisory ALSA-2021:4324.\n##\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(157579);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2022/02/14\");\n\n script_cve_id(\"CVE-2019-18874\");\n script_xref(name:\"ALSA\", value:\"2021:4324\");\n\n script_name(english:\"AlmaLinux 8 : python-psutil (ALSA-2021:4324)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote AlmaLinux host is missing a security update.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote AlmaLinux 8 host has a package installed that is affected by a vulnerability as referenced in the\nALSA-2021:4324 advisory.\n\n - psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount\n mishandling within a while or for loop that converts system data into a Python object. 
(CVE-2019-18874)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://errata.almalinux.org/8/ALSA-2021-4324.html\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected python3-psutil package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2019-18874\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2019/11/12\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/11/09\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2022/02/09\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:alma:linux:python3-psutil\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:alma:linux:8\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Alma Linux Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2022 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/AlmaLinux/release\", \"Host/AlmaLinux/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/AlmaLinux/release');\nif (isnull(release) || 'AlmaLinux' >!< release) audit(AUDIT_OS_NOT, 'AlmaLinux');\nvar os_ver = pregmatch(pattern: \"AlmaLinux release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'AlmaLinux');\nvar os_ver = os_ver[1];\nif (! preg(pattern:\"^8([^0-9]|$)\", string:os_ver)) audit(AUDIT_OS_NOT, 'AlmaLinux 8.x', 'AlmaLinux ' + os_ver);\n\nif (!get_kb_item('Host/AlmaLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'AlmaLinux', cpu);\n\nvar pkgs = [\n {'reference':'python3-psutil-5.4.3-11.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}\n];\n\nvar flag = 0;\nforeach var package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'Alma-' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if 
(!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference && release && (!exists_check || rpm_exists(release:release, rpm:exists_check))) {\n if (rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : rpm_report_get()\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python3-psutil');\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2021-08-19T12:45:44", "description": "Andy Brody reports :\n\nWhen Ruby rest-client processes an HTTP redirection response, it blindly passes along the values from any Set-Cookie headers to the redirection target, regardless of domain, path, or expiration.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2015-06-02T00:00:00", "type": "nessus", "title": "FreeBSD : rest-client -- session fixation vulnerability (83a7a720-07d8-11e5-9a28-001e67150279)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2015-1820"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:freebsd:freebsd:rubygem-rest-client", "cpe:/o:freebsd:freebsd"], "id": "FREEBSD_PKG_83A7A72007D811E59A28001E67150279.NASL", "href": "https://www.tenable.com/plugins/nessus/83941", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the 
FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(83941);\n script_version(\"2.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2015-1820\");\n\n script_name(english:\"FreeBSD : rest-client -- session fixation vulnerability (83a7a720-07d8-11e5-9a28-001e67150279)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Andy Brody reports :\n\nWhen Ruby rest-client processes an HTTP redirection response, it\nblindly passes along the values from any Set-Cookie headers to the\nredirection target, regardless of domain, path, or expiration.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=200504\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://github.com/rest-client/rest-client/issues/369\"\n );\n # https://vuxml.freebsd.org/freebsd/83a7a720-07d8-11e5-9a28-001e67150279.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?82ba8770\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n 
script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:rubygem-rest-client\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2015/03/24\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2015/05/31\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2015/06/02\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2015-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"rubygem-rest-client<1.6.7_1\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-07-13T15:04:42", "description": "This update for rubygem-actionpack-5_1 fixes the following issues :\n\n - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. 
(bsc#1172177)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-09-30T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2020-1536)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8164"], "modified": "2020-10-05T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ruby2.5-rubygem-actionpack-5_1", "p-cpe:/a:novell:opensuse:ruby2.5-rubygem-actionpack-doc-5_1", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1536.NASL", "href": "https://www.tenable.com/plugins/nessus/141074", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1536.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141074);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/05\");\n\n script_cve_id(\"CVE-2020-8164\");\n\n script_name(english:\"openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2020-1536)\");\n script_summary(english:\"Check for the openSUSE-2020-1536 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rubygem-actionpack-5_1 fixes the following issues :\n\n - CVE-2020-8164: Possible Strong Parameters Bypass in\n ActionPack. There is a strong parameters bypass vector\n in ActionPack. 
(bsc#1172177)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172177\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected rubygem-actionpack-5_1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-actionpack-5_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-actionpack-doc-5_1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/26\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/09/30\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ruby2.5-rubygem-actionpack-5_1-5.1.4-lp152.5.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-lp152.5.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.5-rubygem-actionpack-5_1 / ruby2.5-rubygem-actionpack-doc-5_1\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-07-09T16:50:54", "description": "This update for rubygem-actionpack-5_1 fixes the following issues :\n\n - CVE-2020-8164: Possible Strong Parameters Bypass in ActionPack. There is a strong parameters bypass vector in ActionPack. 
(bsc#1172177)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}, "published": "2020-10-05T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2020-1533)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8164"], "modified": "2020-10-07T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ruby2.5-rubygem-actionpack-5_1", "p-cpe:/a:novell:opensuse:ruby2.5-rubygem-actionpack-doc-5_1", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1533.NASL", "href": "https://www.tenable.com/plugins/nessus/141152", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1533.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141152);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/07\");\n\n script_cve_id(\"CVE-2020-8164\");\n\n script_name(english:\"openSUSE Security Update : rubygem-actionpack-5_1 (openSUSE-2020-1533)\");\n script_summary(english:\"Check for the openSUSE-2020-1533 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rubygem-actionpack-5_1 fixes the following issues :\n\n - CVE-2020-8164: Possible Strong Parameters Bypass in\n ActionPack. There is a strong parameters bypass vector\n in ActionPack. 
(bsc#1172177)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172177\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected rubygem-actionpack-5_1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-actionpack-5_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-actionpack-doc-5_1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/09/25\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/05\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-rubygem-actionpack-5_1-5.1.4-lp151.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-rubygem-actionpack-doc-5_1-5.1.4-lp151.4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.5-rubygem-actionpack-5_1 / ruby2.5-rubygem-actionpack-doc-5_1\");\n}\n", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-02-19T00:55:12", "description": "This update for rubygem-activesupport-5_1 fixes the following issues :\n\n - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution (bsc#1172186)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, 
"published": "2020-10-19T00:00:00", "type": "nessus", "title": "openSUSE Security Update : rubygem-activesupport-5_1 (openSUSE-2020-1677)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8165"], "modified": "2020-10-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ruby2.5-rubygem-activesupport-5_1", "p-cpe:/a:novell:opensuse:ruby2.5-rubygem-activesupport-doc-5_1", "cpe:/o:novell:opensuse:15.1"], "id": "OPENSUSE-2020-1677.NASL", "href": "https://www.tenable.com/plugins/nessus/141506", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1677.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141506);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/21\");\n\n script_cve_id(\"CVE-2020-8165\");\n\n script_name(english:\"openSUSE Security Update : rubygem-activesupport-5_1 (openSUSE-2020-1677)\");\n script_summary(english:\"Check for the openSUSE-2020-1677 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rubygem-activesupport-5_1 fixes the following issues :\n\n - CVE-2020-8165: Fixed deserialization of untrusted data\n in MemCacheStore potentially resulting in remote code\n execution (bsc#1172186)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172186\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected rubygem-activesupport-5_1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n 
script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-activesupport-5_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-activesupport-doc-5_1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.1\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/16\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.1)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.1\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-rubygem-activesupport-5_1-5.1.4-lp151.3.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.1\", reference:\"ruby2.5-rubygem-activesupport-doc-5_1-5.1.4-lp151.3.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.5-rubygem-activesupport-5_1 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-02-19T00:52:10", "description": "This update for rubygem-activesupport-5_1 fixes the following issues :\n\n - CVE-2020-8165: Fixed deserialization of untrusted data in MemCacheStore potentially resulting in remote code execution (bsc#1172186)\n\nThis update was imported from the SUSE:SLE-15:Update update project.", "cvss3": {"score": 9.8, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}, "published": "2020-10-19T00:00:00", 
"type": "nessus", "title": "openSUSE Security Update : rubygem-activesupport-5_1 (openSUSE-2020-1679)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8165"], "modified": "2020-10-21T00:00:00", "cpe": ["p-cpe:/a:novell:opensuse:ruby2.5-rubygem-activesupport-5_1", "p-cpe:/a:novell:opensuse:ruby2.5-rubygem-activesupport-doc-5_1", "cpe:/o:novell:opensuse:15.2"], "id": "OPENSUSE-2020-1679.NASL", "href": "https://www.tenable.com/plugins/nessus/141523", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from openSUSE Security Update openSUSE-2020-1679.\n#\n# The text description of this plugin is (C) SUSE LLC.\n#\n\ninclude(\"compat.inc\");\n\nif (description)\n{\n script_id(141523);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2020/10/21\");\n\n script_cve_id(\"CVE-2020-8165\");\n\n script_name(english:\"openSUSE Security Update : rubygem-activesupport-5_1 (openSUSE-2020-1679)\");\n script_summary(english:\"Check for the openSUSE-2020-1679 patch\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\"The remote openSUSE host is missing a security update.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"This update for rubygem-activesupport-5_1 fixes the following issues :\n\n - CVE-2020-8165: Fixed deserialization of untrusted data\n in MemCacheStore potentially resulting in remote code\n execution (bsc#1172186)\n\nThis update was imported from the SUSE:SLE-15:Update update project.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugzilla.opensuse.org/show_bug.cgi?id=1172186\"\n );\n script_set_attribute(\n attribute:\"solution\",\n value:\"Update the affected rubygem-activesupport-5_1 packages.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n 
script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-activesupport-5_1\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:novell:opensuse:ruby2.5-rubygem-activesupport-doc-5_1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:novell:opensuse:15.2\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/06/19\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2020/10/17\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2020/10/19\");\n script_set_attribute(attribute:\"generated_plugin\", value:\"current\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2020 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"SuSE Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/SuSE/release\", \"Host/SuSE/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"rpm.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item(\"Host/SuSE/release\");\nif (isnull(release) || release =~ \"^(SLED|SLES)\") audit(AUDIT_OS_NOT, \"openSUSE\");\nif (release !~ \"^(SUSE15\\.2)$\") audit(AUDIT_OS_RELEASE_NOT, \"openSUSE\", \"15.2\", release);\nif (!get_kb_item(\"Host/SuSE/rpm-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nourarch = get_kb_item(\"Host/cpu\");\nif (!ourarch) audit(AUDIT_UNKNOWN_ARCH);\nif (ourarch !~ \"^(x86_64)$\") audit(AUDIT_ARCH_NOT, \"x86_64\", ourarch);\n\nflag = 0;\n\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ruby2.5-rubygem-activesupport-5_1-5.1.4-lp152.4.3.1\") ) flag++;\nif ( rpm_check(release:\"SUSE15.2\", reference:\"ruby2.5-rubygem-activesupport-doc-5_1-5.1.4-lp152.4.3.1\") ) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"ruby2.5-rubygem-activesupport-5_1 / etc\");\n}\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2022-01-19T15:51:31", "description": "\n\nRuby on Rails blog:\n\nHi everyone! Rails 5.2.4.3 and 6.0.3.1 have been released! 
These releases contain important security fixes, so please upgrade when you can.\nBoth releases contain the following fixes:\nCVE-2020-8162: Circumvention of file size limits in ActiveStorage\nCVE-2020-8164: Possible Strong Parameters Bypass in ActionPack\nCVE-2020-8165: Potentially unintended unmarshalling of user-provided objects in MemCacheStore and RedisCacheStore\nCVE-2020-8166: Ability to forge per-form CSRF tokens given a global CSRF token\nCVE-2020-8167: CSRF Vulnerability in rails-ujs\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 5.9}, "published": "2020-05-18T00:00:00", "type": "freebsd", "title": "Rails -- multiple vulnerabilities", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8162", "CVE-2020-8164", "CVE-2020-8165", "CVE-2020-8166", "CVE-2020-8167"], "modified": "2020-05-18T00:00:00", "id": "85FCA718-99F6-11EA-BF1D-08002728F74C", "href": "https://vuxml.freebsd.org/freebsd/85fca718-99f6-11ea-bf1d-08002728f74c.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2022-01-19T15:51:31", "description": "\n\nNational Vulnerability Database:\n\nThere's a possible 
information leak / session hijack vulnerability in\n\t Rack (RubyGem rack). This vulnerability is patched in versions 1.6.12\n\t and 2.0.8. Attackers may be able to find and hijack sessions by using\n\t timing attacks targeting the session id. Session ids are usually stored\n\t and indexed in a database that uses some kind of scheme for speeding up\n\t lookups of that session id. By carefully measuring the amount of time\n\t it takes to look up a session, an attacker may be able to find a valid\n\t session id and hijack the session. The session id itself may be\n\t generated randomly, but the way the session is indexed by the backing\n\t store does not use a secure comparison.\n\n\n", "cvss3": {"exploitabilityScore": 2.2, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "attackComplexity": "HIGH", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 5.9, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2019-12-08T00:00:00", "type": "freebsd", "title": "rack -- information leak / session hijack vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "PARTIAL", "availabilityImpact": "NONE", "integrityImpact": "NONE", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2019-16782"], "modified": "2019-12-08T00:00:00", "id": "66E4DC99-28B3-11EA-8DDE-08002728F74C", "href": "https://vuxml.freebsd.org/freebsd/66e4dc99-28b3-11ea-8dde-08002728f74c.html", "cvss": {"score": 4.3, "vector": 
"AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2022-01-19T15:51:30", "description": "\n\nRuby on Rails blog:\n\nRails 5.2.4.4 and 6.0.3.3 have been released! These releases contain an\n\t important security fix, so please upgrade when you can.\nBoth releases contain the following fix: [CVE-2020-15169] Potential XSS\n\t vulnerability in Action View\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "attackComplexity": "LOW", "scope": "CHANGED", "attackVector": "NETWORK", "availabilityImpact": "NONE", "integrityImpact": "LOW", "baseScore": 6.1, "privilegesRequired": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "userInteraction": "REQUIRED", "version": "3.1"}, "impactScore": 2.7}, "published": "2020-09-09T00:00:00", "type": "freebsd", "title": "Rails -- Potential XSS vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-15169"], "modified": "2020-09-09T00:00:00", "id": "7B630362-F468-11EA-A96C-08002728F74C", "href": "https://vuxml.freebsd.org/freebsd/7b630362-f468-11ea-a96c-08002728f74c.html", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2022-01-19T15:51:31", "description": "\n\nRuby on Rails blog:\n\nRails 6.0.3.2 has been released! This version of Rails contains an\n\t important security patch, and you should upgrade! 
The release contains\n\t only one patch that addresses CVE-2020-8185.\n\n\n", "cvss3": {"exploitabilityScore": 2.8, "cvssV3": {"baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "NONE", "baseScore": 6.5, "privilegesRequired": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "userInteraction": "NONE", "version": "3.1"}, "impactScore": 3.6}, "published": "2020-06-17T00:00:00", "type": "freebsd", "title": "Rails -- permission vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "NONE", "availabilityImpact": "PARTIAL", "integrityImpact": "NONE", "baseScore": 4.0, "vectorString": "AV:N/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "SINGLE"}, "acInsufInfo": false, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2020-8185"], "modified": "2020-06-17T00:00:00", "id": "FEB8AFDC-B3E5-11EA-9DF5-08002728F74C", "href": "https://vuxml.freebsd.org/freebsd/feb8afdc-b3e5-11ea-9df5-08002728f74c.html", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2022-01-19T15:51:32", "description": "\n\nAndy Brody reports:\n\nWhen Ruby rest-client processes an HTTP redirection response,\n\t it blindly passes along the values from any Set-Cookie headers to the\n\t redirection target, regardless of domain, path, or expiration.\n\n\n", "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": 
"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2015-03-24T00:00:00", "type": "freebsd", "title": "rest-client -- session fixation vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2015-1820"], "modified": "2015-09-28T00:00:00", "id": "83A7A720-07D8-11E5-9A28-001E67150279", "href": "https://vuxml.freebsd.org/freebsd/83a7a720-07d8-11e5-9a28-001e67150279.html", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "openvas": [{"lastseen": "2020-07-21T20:10:01", "description": "Ruby on Rails is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-06-29T00:00:00", "type": "openvas", "title": "Ruby on Raily < 5.2.4.3, 6.x < 6.0.3.1 Multiple Vulnerabilities (Windows)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8165", "CVE-2020-8167", "CVE-2020-8164", "CVE-2020-8162"], "modified": "2020-07-14T00:00:00", "id": "OPENVAS:1361412562310113712", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113712", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# 
of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113712\");\n script_version(\"2020-07-14T14:24:25+0000\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 14:24:25 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-29 11:40:59 +0000 (Mon, 29 Jun 2020)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2020-8162\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8167\");\n\n script_name(\"Ruby on Raily < 5.2.4.3, 6.x < 6.0.3.1 Multiple Vulnerabilities (Windows)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_rails_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"rails/detected\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Ruby on Rails is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - The Content-Length parameter of a direct file upload may be modified\n by an attacker to bypass upload limitations.\n\n - A deserialization 
vulnerability may allow an attacker to read sensitive information.\n\n - An attacker may unmarshal user-provided objects in MemCacheStore\n and RedisCacheStore resulting in arbitrary code execution.\n\n - A cross-site request forgery (CSRF) vulnerability in the rails-ujs module\n may allow an attacker to perform actions in the context of another user.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails through version 5.2.4.2 and versions 6.0.0.0 through 6.0.3.0.\");\n\n script_tag(name:\"solution\", value:\"Update to version 5.2.4.3 or 6.0.3.1 respectively.\");\n\n script_xref(name:\"URL\", value:\"https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/\");\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/789579\");\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/292797\");\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/413388\");\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/189878\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:rubyonrails:rails\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) )\n exit( 0 );\n\nif( ! 
infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif( version_is_less( version: version, test_version: \"5.2.4.3\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"5.2.4.3\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"6.0.0.0\", test_version2: \"6.0.3.0\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"6.0.3.1\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-21T20:10:01", "description": "Ruby on Rails is prone to multiple vulnerabilities.", "cvss3": {}, "published": "2020-06-29T00:00:00", "type": "openvas", "title": "Ruby on Raily < 5.2.4.3, 6.x < 6.0.3.1 Multiple Vulnerabilities (Linux)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8165", "CVE-2020-8167", "CVE-2020-8164", "CVE-2020-8162"], "modified": "2020-07-14T00:00:00", "id": "OPENVAS:1361412562310113709", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113709", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113709\");\n script_version(\"2020-07-14T14:24:25+0000\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 14:24:25 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-29 11:40:59 +0000 (Mon, 29 Jun 2020)\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2020-8162\", \"CVE-2020-8164\", \"CVE-2020-8165\", \"CVE-2020-8167\");\n\n script_name(\"Ruby on Raily < 5.2.4.3, 6.x < 6.0.3.1 Multiple Vulnerabilities (Linux)\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_rails_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"rails/detected\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Ruby on Rails is prone to multiple vulnerabilities.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"The following vulnerabilities exist:\n\n - The Content-Length parameter of a direct file upload may be modified\n by an attacker to bypass upload limitations.\n\n - A deserialization vulnerability may allow an attacker to read sensitive information.\n\n - An attacker may unmarshal user-provided objects in MemCacheStore\n and RedisCacheStore resulting in arbitrary code execution.\n\n - A cross-site request forgery (CSRF) 
vulnerability in the rails-ujs module\n may allow an attacker to perform actions in the context of another user.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails through version 5.2.4.2 and versions 6.0.0.0 through 6.0.3.0.\");\n\n script_tag(name:\"solution\", value:\"Update to version 5.2.4.3 or 6.0.3.1 respectively.\");\n\n script_xref(name:\"URL\", value:\"https://weblog.rubyonrails.org/2020/5/18/Rails-5-2-4-3-and-6-0-3-1-have-been-released/\");\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/789579\");\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/292797\");\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/413388\");\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/189878\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:rubyonrails:rails\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif( version_is_less( version: version, test_version: \"5.2.4.3\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"5.2.4.3\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"6.0.0.0\", test_version2: \"6.0.3.0\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"6.0.3.1\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-21T20:07:06", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-06-20T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for rails (DLA-2251-1)", "bulletinFamily": 
"scanner", "cvss2": {}, "cvelist": ["CVE-2020-8165", "CVE-2020-8164"], "modified": "2020-06-30T00:00:00", "id": "OPENVAS:1361412562310892251", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892251", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892251\");\n script_version(\"2020-06-30T08:17:39+0000\");\n script_cve_id(\"CVE-2020-8164\", \"CVE-2020-8165\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-06-30 08:17:39 +0000 (Tue, 30 Jun 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-06-20 03:00:10 +0000 (Sat, 20 Jun 2020)\");\n script_name(\"Debian LTS: Security Advisory for rails (DLA-2251-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", 
\"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/06/msg00022.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2251-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rails'\n package(s) announced via the DLA-2251-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Two vulnerabilities were found in Ruby on Rails, a MVC ruby-based\nframework geared for web application development, which could lead to\nremote code execution and untrusted user input usage, depending on the\napplication.\n\nCVE-2020-8164\n\nStrong parameters bypass vector in ActionPack. In some cases user\nsupplied information can be inadvertently leaked from Strong\nParameters. Specifically the return value of `each`, or\n`each_value`, or `each_pair` will return the underlying\n'untrusted' hash of data that was read from the parameters.\nApplications that use this return value may be inadvertently use\nuntrusted user input.\n\nCVE-2020-8165\n\nPotentially unintended unmarshalling of user-provided objects in\nMemCacheStore. There is potentially unexpected behaviour in the\nMemCacheStore where, when untrusted user input is written to the\ncache store using the `raw: true` parameter, re-reading the result\nfrom the cache can evaluate the user input as a Marshalled object\ninstead of plain text. Unmarshalling of untrusted user input can\nhave impact up to and including RCE. 
At a minimum, this\nvulnerability allows an attacker to inject untrusted Ruby objects\ninto a web application.\n\nIn addition to upgrading to the latest versions of Rails,\ndevelopers should ensure that whenever they are calling\n`Rails.cache.fetch` they are using consistent values of the `raw`\nparameter for both reading and writing.\");\n\n script_tag(name:\"affected\", value:\"'rails' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', these problems have been fixed in version\n2:4.1.8-1+deb8u7.\n\nWe recommend that you upgrade your rails packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"rails\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-actionmailer\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-actionpack\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-actionview\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-activemodel\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-activerecord\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-activesupport\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-activesupport-2.3\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-rails\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-railties\", ver:\"2:4.1.8-1+deb8u7\", rls:\"DEB8\"))) {\n report 
+= res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2020-07-21T20:05:10", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-07-21T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for rails (DLA-2282-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8165", "CVE-2020-8163", "CVE-2020-8164"], "modified": "2020-07-21T00:00:00", "id": "OPENVAS:1361412562310892282", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310892282", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.892282\");\n script_version(\"2020-07-21T03:01:31+0000\");\n script_cve_id(\"CVE-2020-8163\", \"CVE-2020-8164\", \"CVE-2020-8165\");\n script_tag(name:\"cvss_base\", value:\"7.5\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-07-21 10:01:45 +0000 (Tue, 21 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-21 03:01:31 +0000 (Tue, 21 Jul 2020)\");\n script_name(\"Debian LTS: Security Advisory for rails (DLA-2282-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2020/07/msg00013.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-2282-1\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rails'\n package(s) announced via the DLA-2282-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Multiple vulnerabilities were found in Ruby on Rails, a MVC ruby-based\nframework geared for web application development, which could lead to\nremote code execution and untrusted user input usage, depending on the\napplication.\n\nCVE-2020-8163\n\nA code injection vulnerability in Rails would allow an attacker\nwho 
controlled the `locals` argument of a `render` call to perform\na RCE.\n\nCVE-2020-8164\n\nA deserialization of untrusted data vulnerability exists in rails\nwhich can allow an attacker to supply information can be\ninadvertently leaked from Strong Parameters.\n\nCVE-2020-8165\n\nA deserialization of untrusted data vulnerability exists in\nrails that can allow an attacker to unmarshal user-provided objects\nin MemCacheStore and RedisCacheStore potentially resulting in an\nRCE.\");\n\n script_tag(name:\"affected\", value:\"'rails' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 9 stretch, these problems have been fixed in version\n2:4.2.7.1-1+deb9u3.\n\nWe recommend that you upgrade your rails packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"rails\", ver:\"2:4.2.7.1-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-actionmailer\", ver:\"2:4.2.7.1-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-actionpack\", ver:\"2:4.2.7.1-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-actionview\", ver:\"2:4.2.7.1-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-activejob\", ver:\"2:4.2.7.1-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-activemodel\", ver:\"2:4.2.7.1-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-activerecord\", ver:\"2:4.2.7.1-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-activesupport\", ver:\"2:4.2.7.1-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-rails\", 
ver:\"2:4.2.7.1-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-railties\", ver:\"2:4.2.7.1-1+deb9u3\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2019-07-04T18:56:38", "description": "A timing attack was discovered in the function for CSRF token validation\nof the Ruby rack protection\nframework.", "cvss3": {}, "published": "2018-07-16T00:00:00", "type": "openvas", "title": "Debian Security Advisory DSA 4247-1 (ruby-rack-protection - security update)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2018-1000119"], "modified": "2019-07-04T00:00:00", "id": "OPENVAS:1361412562310704247", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310704247", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# Auto-generated from advisory DSA 4247-1 using nvtgen 1.0\n# Script version: 1.0\n#\n# Author:\n# Greenbone Networks\n#\n# Copyright:\n# Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License as published by\n# the Free Software Foundation; either version 2 of the License, or\n# (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.704247\");\n script_version(\"2019-07-04T09:25:28+0000\");\n script_cve_id(\"CVE-2018-1000119\");\n script_name(\"Debian Security Advisory DSA 4247-1 (ruby-rack-protection - security update)\");\n script_tag(name:\"last_modification\", value:\"2019-07-04 09:25:28 +0000 (Thu, 04 Jul 2019)\");\n script_tag(name:\"creation_date\", value:\"2018-07-16 00:00:00 +0200 (Mon, 16 Jul 2018)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n script_xref(name:\"URL\", value:\"https://www.debian.org/security/2018/dsa-4247.html\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2018 Greenbone Networks GmbH http://greenbone.net\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB9\");\n script_tag(name:\"affected\", value:\"ruby-rack-protection on Debian Linux\");\n script_tag(name:\"solution\", value:\"For the stable distribution (stretch), this problem has been fixed in\nversion 1.5.3-2+deb9u1.\n\nWe recommend that you upgrade your ruby-rack-protection packages.\");\n\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/ruby-rack-protection\");\n script_tag(name:\"summary\", value:\"A timing attack was discovered in the function for CSRF token validation\nof the Ruby rack 
protection\nframework.\");\n script_tag(name:\"vuldetect\", value:\"This check tests the installed software version using the apt package manager.\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"ruby-rack-protection\", ver:\"1.5.3-2+deb9u1\", rls:\"DEB9\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-01-29T18:31:27", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-01-27T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for rubygem-rack (FEDORA-2020-57fc0d0156)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-16782"], "modified": "2020-01-28T00:00:00", "id": "OPENVAS:1361412562310877389", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877389", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877389\");\n script_version(\"2020-01-28T10:45:23+0000\");\n script_cve_id(\"CVE-2019-16782\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:N/A:N\");\n script_tag(name:\"last_modification\", value:\"2020-01-28 10:45:23 +0000 (Tue, 28 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-01-27 09:25:49 +0000 (Mon, 27 Jan 2020)\");\n script_name(\"Fedora: Security Advisory for rubygem-rack (FEDORA-2020-57fc0d0156)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2020-57fc0d0156\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HZXMWILCICQLA2BYSP6I2CRMUG53YBLX\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'rubygem-rack'\n package(s) announced via the FEDORA-2020-57fc0d0156 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Rack provides a minimal, modular and adaptable interface for developing\nweb applications in Ruby. 
By wrapping HTTP requests and responses in\nthe simplest way possible, it unifies and distills the API for web\nservers, web frameworks, and software in between (the so-called\nmiddleware) into a single method call.\");\n\n script_tag(name:\"affected\", value:\"'rubygem-rack' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"rubygem-rack\", rpm:\"rubygem-rack~2.0.8~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N"}}, {"lastseen": "2020-07-21T20:10:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8185"], "description": "Ruby on Rails is prone to a denial of service (DoS) vulnerability.", "modified": "2020-07-14T00:00:00", "published": "2020-07-06T00:00:00", "id": "OPENVAS:1361412562310113715", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113715", "type": "openvas", "title": "Ruby on Rails < 6.0.3.2 DoS Vulnerability", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in 
the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113715\");\n script_version(\"2020-07-14T14:24:25+0000\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 14:24:25 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-06 10:19:34 +0000 (Mon, 06 Jul 2020)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2020-8185\");\n\n script_name(\"Ruby on Rails < 6.0.3.2 DoS Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_rails_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"rails/detected\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Ruby on Rails is prone to a denial of service (DoS) vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An untrusted user may run any pending migration in production.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an attacker to\n render legitimate users unable to use the application.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails through version 6.0.3.1.\");\n\n script_tag(name:\"solution\", 
value:\"Update to version 6.0.3.2.\");\n\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/899069\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:rubyonrails:rails\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif( version_is_less( version: version, test_version: \"6.0.3.2\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"6.0.3.2\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-07-21T20:10:01", "bulletinFamily": "scanner", "cvelist": ["CVE-2020-8185"], "description": "Ruby on Rails is prone to a denial of service (DoS) vulnerability.", "modified": "2020-07-14T00:00:00", "published": "2020-07-06T00:00:00", "id": "OPENVAS:1361412562310113716", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113716", "type": "openvas", "title": "Ruby on Rails < 6.0.3.2 DoS Vulnerability", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113716\");\n script_version(\"2020-07-14T14:24:25+0000\");\n script_tag(name:\"last_modification\", value:\"2020-07-14 14:24:25 +0000 (Tue, 14 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-06 10:19:34 +0000 (Mon, 06 Jul 2020)\");\n script_tag(name:\"cvss_base\", value:\"4.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:S/C:N/I:N/A:P\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2020-8185\");\n\n script_name(\"Ruby on Rails < 6.0.3.2 DoS Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Denial of Service\");\n script_dependencies(\"gb_rails_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"rails/detected\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Ruby on Rails is prone to a denial of service (DoS) vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An untrusted user may run any pending migration in production.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an attacker to\n render legitimate users unable to use the application.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails through version 6.0.3.1.\");\n\n script_tag(name:\"solution\", value:\"Update to version 6.0.3.2.\");\n\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/899069\");\n\n exit(0);\n}\n\nCPE = 
\"cpe:/a:rubyonrails:rails\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif( version_is_less( version: version, test_version: \"6.0.3.2\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"6.0.3.2\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:N/A:P"}}, {"lastseen": "2020-03-03T18:42:37", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-02-28T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for python-psutil (FEDORA-2020-a06ebafad8)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18874"], "modified": "2020-02-28T00:00:00", "id": "OPENVAS:1361412562310877527", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877527", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877527\");\n script_version(\"2020-02-28T12:26:57+0000\");\n script_cve_id(\"CVE-2019-18874\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-02-28 12:26:57 +0000 (Fri, 28 Feb 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-02-28 04:05:54 +0000 (Fri, 28 Feb 2020)\");\n script_name(\"Fedora: Security Advisory for python-psutil (FEDORA-2020-a06ebafad8)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC30\");\n\n script_xref(name:\"FEDORA\", value:\"2020-a06ebafad8\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2P7QI7MOTZTFXQYU23CP3RAWXCERMOAS\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-psutil'\n package(s) announced via the FEDORA-2020-a06ebafad8 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"psutil is a module providing an interface for retrieving information on all\nrunning processes and system utilization (CPU, memory, disks, network, users) in\na portable way by using Python, implementing many functionalities offered by\ncommand line tools such as: ps, top, df, kill, free, lsof, free, 
netstat,\nifconfig, nice, ionice, iostat, iotop, uptime, pidof, tty, who, taskset, pmap.\");\n\n script_tag(name:\"affected\", value:\"'python-psutil' package(s) on Fedora 30.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC30\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python-psutil\", rpm:\"python-psutil~5.6.7~1.fc30\", rls:\"FC30\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-03-14T16:44:13", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2020-03-12T00:00:00", "type": "openvas", "title": "Fedora: Security Advisory for python-psutil (FEDORA-2020-021fb887ac)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18874"], "modified": "2020-03-13T00:00:00", "id": "OPENVAS:1361412562310877558", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310877558", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# 
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.877558\");\n script_version(\"2020-03-13T09:57:52+0000\");\n script_cve_id(\"CVE-2019-18874\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-03-13 09:57:52 +0000 (Fri, 13 Mar 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-03-12 04:04:58 +0000 (Thu, 12 Mar 2020)\");\n script_name(\"Fedora: Security Advisory for python-psutil (FEDORA-2020-021fb887ac)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Fedora Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/fedora\", \"ssh/login/rpms\", re:\"ssh/login/release=FC31\");\n\n script_xref(name:\"FEDORA\", value:\"2020-021fb887ac\");\n script_xref(name:\"URL\", value:\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLETTJYZL2SMBUI4Q2NGBMGPDPP54SRG\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-psutil'\n package(s) announced via the FEDORA-2020-021fb887ac advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"psutil is a module providing an interface for retrieving information on all\nrunning processes and system utilization (CPU, memory, disks, network, users) in\na portable way by using Python, implementing many functionalities offered by\ncommand line 
tools such as: ps, top, df, kill, free, lsof, free, netstat,\nifconfig, nice, ionice, iostat, iotop, uptime, pidof, tty, who, taskset, pmap.\");\n\n script_tag(name:\"affected\", value:\"'python-psutil' package(s) on Fedora 31.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-rpm.inc\");\n\nrelease = rpm_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"FC31\") {\n\n if(!isnull(res = isrpmvuln(pkg:\"python-psutil\", rpm:\"python-psutil~5.6.7~1.fc31\", rls:\"FC31\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if(__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2019-12-13T14:46:40", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-11-29T00:00:00", "type": "openvas", "title": "Ubuntu Update for python-psutil USN-4204-1", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18874"], "modified": "2019-12-12T00:00:00", "id": "OPENVAS:1361412562310844253", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310844253", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the 
implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.844253\");\n script_version(\"2019-12-12T11:35:23+0000\");\n script_cve_id(\"CVE-2019-18874\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2019-12-12 11:35:23 +0000 (Thu, 12 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2019-11-29 03:00:38 +0000 (Fri, 29 Nov 2019)\");\n script_name(\"Ubuntu Update for python-psutil USN-4204-1\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\", re:\"ssh/login/release=(UBUNTU18\\.04 LTS|UBUNTU19\\.10|UBUNTU19\\.04|UBUNTU16\\.04 LTS)\");\n\n script_xref(name:\"USN\", value:\"4204-1\");\n script_xref(name:\"URL\", value:\"https://lists.ubuntu.com/archives/ubuntu-security-announce/2019-November/005224.html\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-psutil'\n package(s) announced via the USN-4204-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"Riccardo Schirone discovered that psutil incorrectly handled certain\nreference counting operations. 
An attacker could use this issue to cause\npsutil to crash, resulting in a denial of service, or possibly execute\narbitrary code.\");\n\n script_tag(name:\"affected\", value:\"'python-psutil' package(s) on Ubuntu 19.10, Ubuntu 19.04, Ubuntu 18.04 LTS, Ubuntu 16.04 LTS.\");\n\n script_tag(name:\"solution\", value:\"Please install the updated package(s).\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nrelease = dpkg_get_ssh_release();\nif(!release)\n exit(0);\n\nres = \"\";\nreport = \"\";\n\nif(release == \"UBUNTU18.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"python-psutil\", ver:\"5.4.2-1ubuntu0.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"python3-psutil\", ver:\"5.4.2-1ubuntu0.1\", rls:\"UBUNTU18.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.10\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"python-psutil\", ver:\"5.5.1-1ubuntu0.19.10.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"python3-psutil\", ver:\"5.5.1-1ubuntu0.19.10.1\", rls:\"UBUNTU19.10\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU19.04\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"python-psutil\", ver:\"5.5.1-1ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"python3-psutil\", ver:\"5.5.1-1ubuntu0.19.04.1\", rls:\"UBUNTU19.04\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nif(release == \"UBUNTU16.04 LTS\") {\n\n if(!isnull(res = isdpkgvuln(pkg:\"python-psutil\", 
ver:\"3.4.2-1ubuntu0.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(!isnull(res = isdpkgvuln(pkg:\"python3-psutil\", ver:\"3.4.2-1ubuntu0.1\", rls:\"UBUNTU16.04 LTS\"))) {\n report += res;\n }\n\n if(report != \"\") {\n security_message(data:report);\n } else if (__pkg_match) {\n exit(99);\n }\n exit(0);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-01-29T19:29:45", "description": "The remote host is missing an update for the ", "cvss3": {}, "published": "2019-11-26T00:00:00", "type": "openvas", "title": "Debian LTS: Security Advisory for python-psutil (DLA-1998-1)", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2019-18874"], "modified": "2020-01-29T00:00:00", "id": "OPENVAS:1361412562310891998", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310891998", "sourceData": "# Copyright (C) 2019 Greenbone Networks GmbH\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (C) the respective author(s)\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. 
See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.891998\");\n script_version(\"2020-01-29T08:22:52+0000\");\n script_cve_id(\"CVE-2019-18874\");\n script_tag(name:\"cvss_base\", value:\"5.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:N/I:N/A:P\");\n script_tag(name:\"last_modification\", value:\"2020-01-29 08:22:52 +0000 (Wed, 29 Jan 2020)\");\n script_tag(name:\"creation_date\", value:\"2019-11-26 12:50:02 +0000 (Tue, 26 Nov 2019)\");\n script_name(\"Debian LTS: Security Advisory for python-psutil (DLA-1998-1)\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2019 Greenbone Networks GmbH\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\", re:\"ssh/login/release=DEB8\");\n\n script_xref(name:\"URL\", value:\"https://lists.debian.org/debian-lts-announce/2019/11/msg00018.html\");\n script_xref(name:\"URL\", value:\"https://security-tracker.debian.org/tracker/DLA-1998-1\");\n script_xref(name:\"URL\", value:\"https://bugs.debian.org/944605\");\n\n script_tag(name:\"summary\", value:\"The remote host is missing an update for the 'python-psutil'\n package(s) announced via the DLA-1998-1 advisory.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable package version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"It was discovered that there were multiple double free\nvulnerabilities in python-psutil, a Python module providing\nconvenience functions for accessing system process data.\n\nThis was caused by incorrect reference counting handling within\nfor/while loops that 
convert system data into said Python objects.\");\n\n script_tag(name:\"affected\", value:\"'python-psutil' package(s) on Debian Linux.\");\n\n script_tag(name:\"solution\", value:\"For Debian 8 'Jessie', this issue has been fixed in python-psutil\nversion 2.1.1-1+deb8u1.\n\nWe recommend that you upgrade your python-psutil packages.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n script_tag(name:\"qod_type\", value:\"package\");\n\n exit(0);\n}\n\ninclude(\"revisions-lib.inc\");\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif(!isnull(res = isdpkgvuln(pkg:\"python-psutil\", ver:\"2.1.1-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\nif(!isnull(res = isdpkgvuln(pkg:\"python3-psutil\", ver:\"2.1.1-1+deb8u1\", rls:\"DEB8\"))) {\n report += res;\n}\n\nif(report != \"\") {\n security_message(data:report);\n} else if(__pkg_match) {\n exit(99);\n}\n\nexit(0);\n", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P"}}, {"lastseen": "2020-07-21T20:10:01", "description": "Ruby on Rails is prone to a cross-site request forgery (CSRF) vulnerability.", "cvss3": {}, "published": "2020-07-06T00:00:00", "type": "openvas", "title": "Ruby on Rails < 5.2.5, 6.x < 6.0.4 CSRF Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8166"], "modified": "2020-07-16T00:00:00", "id": "OPENVAS:1361412562310113713", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113713", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope 
that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113713\");\n script_version(\"2020-07-16T09:26:29+0000\");\n script_tag(name:\"last_modification\", value:\"2020-07-16 09:26:29 +0000 (Thu, 16 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-06 10:10:26 +0000 (Mon, 06 Jul 2020)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner_unreliable\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2020-8166\");\n\n script_name(\"Ruby on Rails < 5.2.5, 6.x < 6.0.4 CSRF Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_rails_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"rails/detected\", \"Host/runs_unixoide\");\n\n script_tag(name:\"summary\", value:\"Ruby on Rails is prone to a cross-site request forgery (CSRF) vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An attacker can use a global CSRF token,\n as can be found in the authenticity_token meta tag, to forge form-specific CSRF tokens.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an authenticated attacker\n to perform actions in the context of another user.\");\n\n script_tag(name:\"affected\", 
value:\"Ruby on Rails through version 5.2.4 and versions 6.0.0 through 6.0.3.\");\n\n script_tag(name:\"solution\", value:\"Update to version 5.2.5 or 6.0.4 respectively.\");\n\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/732415\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:rubyonrails:rails\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif( version_is_less( version: version, test_version: \"5.2.5\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"5.2.5\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nif( version_in_range( version: version, test_version: \"6.0.0\", test_version2: \"6.0.3.2\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"6.0.4\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n\nexit( 99 );\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}, {"lastseen": "2020-07-21T20:10:01", "description": "Ruby on Rails is prone to a cross-site request forgery (CSRF) vulnerability.", "cvss3": {}, "published": "2020-07-06T00:00:00", "type": "openvas", "title": "Ruby on Rails < 5.2.5, 6.x < 6.0.4 CSRF Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2020-8166"], "modified": "2020-07-16T00:00:00", "id": "OPENVAS:1361412562310113714", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310113714", "sourceData": "# Copyright (C) 2020 Greenbone Networks GmbH\n# Some text descriptions might be excerpted from (a) referenced\n# source(s), and are Copyright (C) by the respective right holder(s).\n#\n# SPDX-License-Identifier: GPL-2.0-or-later\n#\n# This program is free software; you can 
redistribute it and/or\n# modify it under the terms of the GNU General Public License\n# as published by the Free Software Foundation; either version 2\n# of the License, or (at your option) any later version.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.113714\");\n script_version(\"2020-07-16T09:26:29+0000\");\n script_tag(name:\"last_modification\", value:\"2020-07-16 09:26:29 +0000 (Thu, 16 Jul 2020)\");\n script_tag(name:\"creation_date\", value:\"2020-07-06 10:10:26 +0000 (Mon, 06 Jul 2020)\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n script_cve_id(\"CVE-2020-8166\");\n\n script_name(\"Ruby on Rails < 5.2.5, 6.x < 6.0.4 CSRF Vulnerability\");\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (C) 2020 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_rails_consolidation.nasl\", \"os_detection.nasl\");\n script_mandatory_keys(\"rails/detected\", \"Host/runs_windows\");\n\n script_tag(name:\"summary\", value:\"Ruby on Rails is prone to a cross-site request forgery (CSRF) vulnerability.\");\n\n script_tag(name:\"vuldetect\", value:\"Checks if a vulnerable version is present on the target host.\");\n\n script_tag(name:\"insight\", value:\"An attacker can use a global CSRF token,\n as can be found in the authenticity_token 
meta tag, to forge form-specific CSRF tokens.\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation would allow an authenticated attacker\n to perform actions in the context of another user.\");\n\n script_tag(name:\"affected\", value:\"Ruby on Rails through version 5.2.4 and versions 6.0.0 through 6.0.3.\");\n\n script_tag(name:\"solution\", value:\"Update to version 5.2.5 or 6.0.4 respectively.\");\n\n script_xref(name:\"URL\", value:\"https://hackerone.com/reports/732415\");\n\n exit(0);\n}\n\nCPE = \"cpe:/a:rubyonrails:rails\";\n\ninclude( \"host_details.inc\" );\ninclude( \"version_func.inc\" );\n\nif( isnull( port = get_app_port( cpe: CPE ) ) )\n exit( 0 );\n\nif( ! infos = get_app_version_and_location( cpe: CPE, port: port, exit_no_version: TRUE ) )\n exit( 0 );\n\nversion = infos[\"version\"];\nlocation = infos[\"location\"];\n\nif( version_is_less( version: version, test_version: \"5.2.5\" ) ) {\n report = report_fixed_ver( installed_version: version, fixed_version: \"5.2.5\", install_path: location );\n security_message( data: report, port: port );\n exit( 0 );\n}\n