CVSS2
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score
Confidence: Low

EPSS
Percentile: 75.5%
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4711 advisory.
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
Security Fix(es):
* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)
* nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)
* normalize-url: ReDoS for data URLs (CVE-2021-33502)
* jquery-ui: XSS in the altField option of the datepicker widget (CVE-2021-41182)
* jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)
* jquery-ui: XSS in the 'of' option of the .position() util (CVE-2021-41184)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2022:4711. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(161619);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");
script_cve_id(
"CVE-2021-3807",
"CVE-2021-23425",
"CVE-2021-33502",
"CVE-2021-41182",
"CVE-2021-41183",
"CVE-2021-41184"
);
script_xref(name:"RHSA", value:"2022:4711");
script_name(english:"RHEL 8 : RHV Manager (ovirt-engine) [ovirt-4.5.0] (RHSA-2022:4711)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for RHV Manager (ovirt-engine) [ovirt-4.5.0].");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2022:4711 advisory.
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform
that allows system administrators to view and manage virtual machines. The Manager provides a
comprehensive range of features including search capabilities, resource management, live migrations, and
virtual infrastructure provisioning.
Security Fix(es):
* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
(CVE-2021-3807)
* nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)
* normalize-url: ReDoS for data URLs (CVE-2021-33502)
* jquery-ui: XSS in the altField option of the datepicker widget (CVE-2021-41182)
* jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)
* jquery-ui: XSS in the 'of' option of the .position() util (CVE-2021-41184)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and
other related information, refer to the CVE page(s) listed in the References section.
A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_4711.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?517ba17a");
# https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b4e9fb3f");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2022:4711");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1624015");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1648985");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1667517");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1687845");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1781241");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1782056");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1849169");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1878930");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1922977");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1926625");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1927985");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1944290");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1944834");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1956295");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1959186");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1964208");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1964461");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1971622");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1974741");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1979441");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1979797");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1980192");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1986726");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1986834");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1987121");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1988496");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1990462");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1991240");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1995793");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1996123");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1998255");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1999698");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2000031");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2002283");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2003883");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2003996");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2006602");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2006745");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2007384");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2007557");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2008798");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2010203");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2010903");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2013928");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2014888");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2015796");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2019144");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2019148");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2019153");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2021217");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2023250");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2023786");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2024202");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2025936");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2030596");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2030663");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2031027");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2035051");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2037115");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2037121");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2040361");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2040402");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2040474");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2041544");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2043146");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2044273");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2048546");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2050566");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2050614");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2051857");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2052557");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2052690");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2054756");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2055136");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2056021");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2056052");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2056126");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2058264");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2059521");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2059877");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2061904");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2065052");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2066084");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2066283");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2069972");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2070156");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2071468");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2072637");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2072639");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2072641");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2072642");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2072645");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2072646");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2075352");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=655153");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=977778");
script_set_attribute(attribute:"solution", value:
"Update the RHEL RHV Manager (ovirt-engine) [ovirt-4.5.0] package based on the guidance in RHSA-2022:4711.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2021-41184");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(79, 400);
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/24");
script_set_attribute(attribute:"patch_publication_date", value:"2022/05/26");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/05/27");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-backend");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-dbscripts");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-health-check-bundler");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-restapi");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-base");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-cinderlib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-imageio");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-ovirt-engine");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-ovirt-engine-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-vmconsole-proxy-helper");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-websocket-proxy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-tools");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-tools-backup");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-ui-extensions");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-vmconsole-proxy-helper");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-webadmin-portal");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-engine-websocket-proxy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-web-ui");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-ovirt-engine-lib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhvm");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/debug',
'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/os',
'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/source/SRPMS'
],
'pkgs': [
{'reference':'ovirt-engine-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']},
{'reference':'ovirt-engine-backend-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']},
{'reference':'ovirt-engine-dbscripts-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']},
{'reference':'ovirt-engine-health-check-bundler-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']},
{'reference':'ovirt-engine-restapi-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']},
{'reference':'ovirt-engine-setup-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']},
{'reference':'ovirt-engine-setup-base-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']},
{'reference':'ovirt-engine-setup-plugin-cinderlib-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']},
{'reference':'ovirt-engine-setup-plugin-imageio-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']},
{'reference':'ovirt-engine-setup-plugin-ovirt-engine-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']},
{'reference':'ovirt-engine-setup-plugin-ovirt-engine-common-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']},
{'reference':'ovirt-engine-setup-plugin-vmconsole-proxy-helper-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']},
{'reference':'ovirt-engine-setup-plugin-websocket-proxy-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']},
{'reference':'ovirt-engine-tools-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']},
{'reference':'ovirt-engine-tools-backup-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']},
{'reference':'ovirt-engine-ui-extensions-1.3.3-1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-3807', 'CVE-2021-23425', 'CVE-2021-33502']},
{'reference':'ovirt-engine-vmconsole-proxy-helper-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']},
{'reference':'ovirt-engine-webadmin-portal-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']},
{'reference':'ovirt-engine-websocket-proxy-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']},
{'reference':'ovirt-web-ui-1.8.1-2.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-33502']},
{'reference':'python3-ovirt-engine-lib-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']},
{'reference':'rhvm-4.5.0.7-0.9.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-41182', 'CVE-2021-41183', 'CVE-2021-41184']}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if (applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
    port     : 0,
    severity : SECURITY_WARNING,
    extra    : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'ovirt-engine / ovirt-engine-backend / ovirt-engine-dbscripts / etc');
}
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-23425
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33502
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3807
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41182
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41183
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41184
www.nessus.org/u?517ba17a
www.nessus.org/u?b4e9fb3f
access.redhat.com/errata/RHSA-2022:4711
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1624015
bugzilla.redhat.com/show_bug.cgi?id=1648985
bugzilla.redhat.com/show_bug.cgi?id=1667517
bugzilla.redhat.com/show_bug.cgi?id=1687845
bugzilla.redhat.com/show_bug.cgi?id=1781241
bugzilla.redhat.com/show_bug.cgi?id=1782056
bugzilla.redhat.com/show_bug.cgi?id=1849169
bugzilla.redhat.com/show_bug.cgi?id=1878930
bugzilla.redhat.com/show_bug.cgi?id=1922977
bugzilla.redhat.com/show_bug.cgi?id=1926625
bugzilla.redhat.com/show_bug.cgi?id=1927985
bugzilla.redhat.com/show_bug.cgi?id=1944290
bugzilla.redhat.com/show_bug.cgi?id=1944834
bugzilla.redhat.com/show_bug.cgi?id=1956295
bugzilla.redhat.com/show_bug.cgi?id=1959186
bugzilla.redhat.com/show_bug.cgi?id=1964208
bugzilla.redhat.com/show_bug.cgi?id=1964461
bugzilla.redhat.com/show_bug.cgi?id=1971622
bugzilla.redhat.com/show_bug.cgi?id=1974741
bugzilla.redhat.com/show_bug.cgi?id=1979441
bugzilla.redhat.com/show_bug.cgi?id=1979797
bugzilla.redhat.com/show_bug.cgi?id=1980192
bugzilla.redhat.com/show_bug.cgi?id=1986726
bugzilla.redhat.com/show_bug.cgi?id=1986834
bugzilla.redhat.com/show_bug.cgi?id=1987121
bugzilla.redhat.com/show_bug.cgi?id=1988496
bugzilla.redhat.com/show_bug.cgi?id=1990462
bugzilla.redhat.com/show_bug.cgi?id=1991240
bugzilla.redhat.com/show_bug.cgi?id=1995793
bugzilla.redhat.com/show_bug.cgi?id=1996123
bugzilla.redhat.com/show_bug.cgi?id=1998255
bugzilla.redhat.com/show_bug.cgi?id=1999698
bugzilla.redhat.com/show_bug.cgi?id=2000031
bugzilla.redhat.com/show_bug.cgi?id=2002283
bugzilla.redhat.com/show_bug.cgi?id=2003883
bugzilla.redhat.com/show_bug.cgi?id=2003996
bugzilla.redhat.com/show_bug.cgi?id=2006602
bugzilla.redhat.com/show_bug.cgi?id=2006745
bugzilla.redhat.com/show_bug.cgi?id=2007384
bugzilla.redhat.com/show_bug.cgi?id=2007557
bugzilla.redhat.com/show_bug.cgi?id=2008798
bugzilla.redhat.com/show_bug.cgi?id=2010203
bugzilla.redhat.com/show_bug.cgi?id=2010903
bugzilla.redhat.com/show_bug.cgi?id=2013928
bugzilla.redhat.com/show_bug.cgi?id=2014888
bugzilla.redhat.com/show_bug.cgi?id=2015796
bugzilla.redhat.com/show_bug.cgi?id=2019144
bugzilla.redhat.com/show_bug.cgi?id=2019148
bugzilla.redhat.com/show_bug.cgi?id=2019153
bugzilla.redhat.com/show_bug.cgi?id=2021217
bugzilla.redhat.com/show_bug.cgi?id=2023250
bugzilla.redhat.com/show_bug.cgi?id=2023786
bugzilla.redhat.com/show_bug.cgi?id=2024202
bugzilla.redhat.com/show_bug.cgi?id=2025936
bugzilla.redhat.com/show_bug.cgi?id=2030596
bugzilla.redhat.com/show_bug.cgi?id=2030663
bugzilla.redhat.com/show_bug.cgi?id=2031027
bugzilla.redhat.com/show_bug.cgi?id=2035051
bugzilla.redhat.com/show_bug.cgi?id=2037115
bugzilla.redhat.com/show_bug.cgi?id=2037121
bugzilla.redhat.com/show_bug.cgi?id=2040361
bugzilla.redhat.com/show_bug.cgi?id=2040402
bugzilla.redhat.com/show_bug.cgi?id=2040474
bugzilla.redhat.com/show_bug.cgi?id=2041544
bugzilla.redhat.com/show_bug.cgi?id=2043146
bugzilla.redhat.com/show_bug.cgi?id=2044273
bugzilla.redhat.com/show_bug.cgi?id=2048546
bugzilla.redhat.com/show_bug.cgi?id=2050566
bugzilla.redhat.com/show_bug.cgi?id=2050614
bugzilla.redhat.com/show_bug.cgi?id=2051857
bugzilla.redhat.com/show_bug.cgi?id=2052557
bugzilla.redhat.com/show_bug.cgi?id=2052690
bugzilla.redhat.com/show_bug.cgi?id=2054756
bugzilla.redhat.com/show_bug.cgi?id=2055136
bugzilla.redhat.com/show_bug.cgi?id=2056021
bugzilla.redhat.com/show_bug.cgi?id=2056052
bugzilla.redhat.com/show_bug.cgi?id=2056126
bugzilla.redhat.com/show_bug.cgi?id=2058264
bugzilla.redhat.com/show_bug.cgi?id=2059521
bugzilla.redhat.com/show_bug.cgi?id=2059877
bugzilla.redhat.com/show_bug.cgi?id=2061904
bugzilla.redhat.com/show_bug.cgi?id=2065052
bugzilla.redhat.com/show_bug.cgi?id=2066084
bugzilla.redhat.com/show_bug.cgi?id=2066283
bugzilla.redhat.com/show_bug.cgi?id=2069972
bugzilla.redhat.com/show_bug.cgi?id=2070156
bugzilla.redhat.com/show_bug.cgi?id=2071468
bugzilla.redhat.com/show_bug.cgi?id=2072637
bugzilla.redhat.com/show_bug.cgi?id=2072639
bugzilla.redhat.com/show_bug.cgi?id=2072641
bugzilla.redhat.com/show_bug.cgi?id=2072642
bugzilla.redhat.com/show_bug.cgi?id=2072645
bugzilla.redhat.com/show_bug.cgi?id=2072646
bugzilla.redhat.com/show_bug.cgi?id=2075352
bugzilla.redhat.com/show_bug.cgi?id=655153
bugzilla.redhat.com/show_bug.cgi?id=977778