Lucene search
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2024-0137.NASLHistoryJan 26, 2024 - 12:00 a.m.
RHEL 8 : idm:DL1 (RHSA-2024:0137)
2024-01-2600:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
5
redhat enterprise linux
vulnerability
security bypass
cross-site request forgery
rhsa-2024:0137
kdc
idm
ipa
nessus
6.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
7.6 High
AI Score
Confidence
High
9 High
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.027 Low
EPSS
Percentile
90.6%
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:0137 advisory.
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.
Security Fix(es):
* Kerberos: delegation constrain bypass in S4U2Proxy (CVE-2020-17049)
* ipa: Invalid CSRF protection (CVE-2023-5455)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2024:0137. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(189658);
script_version("1.3");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");
script_cve_id("CVE-2020-17049", "CVE-2023-5455");
script_xref(name:"RHSA", value:"2024:0137");
script_name(english:"RHEL 8 : idm:DL1 (RHSA-2024:0137)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for idm:DL1.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2024:0137 advisory.
Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization
solution for both traditional and cloud-based enterprise environments.
Security Fix(es):
* Kerberos: delegation constrain bypass in S4U2Proxy (CVE-2020-17049)
* ipa: Invalid CSRF protection (CVE-2023-5455)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and
other related information, refer to the CVE page(s) listed in the References section.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_0137.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ce3848dd");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2025721");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2242828");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2024:0137");
script_set_attribute(attribute:"solution", value:
"Update the RHEL idm:DL1 package based on the guidance in RHSA-2024:0137.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-17049");
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_cwe_id(345, 352);
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2020/11/10");
script_set_attribute(attribute:"patch_publication_date", value:"2024/01/10");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/01/26");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:8.8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:bind-dyndb-ldap");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:custodia");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-client");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-client-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-client-epn");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-client-samba");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-healthcheck");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-healthcheck-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-python-compat");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-selinux");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-server");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-server-common");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-server-dns");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ipa-server-trust-ad");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:opendnssec");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-jwcrypto");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-kdcproxy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-qrcode");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-yubico");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-custodia");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-ipaclient");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-ipalib");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-ipaserver");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-ipatests");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-jwcrypto");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-kdcproxy");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-pyusb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-qrcode");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-qrcode-core");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-yubico");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:pyusb");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:slapi-nis");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:softhsm");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:softhsm-devel");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'eq', os_version: os_ver, rhel_version: '8.8')) audit(AUDIT_OS_NOT, 'Red Hat 8.8', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var appstreams = {
'idm:DL1': [
{
'repo_relative_urls': [
'content/e4s/rhel8/8.8/ppc64le/appstream/debug',
'content/e4s/rhel8/8.8/ppc64le/appstream/os',
'content/e4s/rhel8/8.8/ppc64le/appstream/source/SRPMS',
'content/e4s/rhel8/8.8/x86_64/appstream/debug',
'content/e4s/rhel8/8.8/x86_64/appstream/os',
'content/e4s/rhel8/8.8/x86_64/appstream/source/SRPMS',
'content/eus/rhel8/8.8/aarch64/appstream/debug',
'content/eus/rhel8/8.8/aarch64/appstream/os',
'content/eus/rhel8/8.8/aarch64/appstream/source/SRPMS',
'content/eus/rhel8/8.8/ppc64le/appstream/debug',
'content/eus/rhel8/8.8/ppc64le/appstream/os',
'content/eus/rhel8/8.8/ppc64le/appstream/source/SRPMS',
'content/eus/rhel8/8.8/s390x/appstream/debug',
'content/eus/rhel8/8.8/s390x/appstream/os',
'content/eus/rhel8/8.8/s390x/appstream/source/SRPMS',
'content/eus/rhel8/8.8/x86_64/appstream/debug',
'content/eus/rhel8/8.8/x86_64/appstream/os',
'content/eus/rhel8/8.8/x86_64/appstream/source/SRPMS',
'content/tus/rhel8/8.8/x86_64/appstream/debug',
'content/tus/rhel8/8.8/x86_64/appstream/os',
'content/tus/rhel8/8.8/x86_64/appstream/source/SRPMS'
],
'pkgs': [
{'reference':'bind-dyndb-ldap-11.6-4.module+el8.8.0+17351+9a3fb056', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'custodia-0.6.0-3.module+el8.1.0+4098+f286395e', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ipa-client-4.9.11-9.module+el8.8.0+20825+52dd1628', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ipa-client-common-4.9.11-9.module+el8.8.0+20825+52dd1628', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ipa-client-epn-4.9.11-9.module+el8.8.0+20825+52dd1628', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ipa-client-samba-4.9.11-9.module+el8.8.0+20825+52dd1628', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ipa-common-4.9.11-9.module+el8.8.0+20825+52dd1628', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ipa-healthcheck-0.12-1.module+el8.8.0+17582+6bf5bf91', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ipa-healthcheck-core-0.12-1.module+el8.8.0+17582+6bf5bf91', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ipa-python-compat-4.9.11-9.module+el8.8.0+20825+52dd1628', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ipa-selinux-4.9.11-9.module+el8.8.0+20825+52dd1628', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ipa-server-4.9.11-9.module+el8.8.0+20825+52dd1628', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ipa-server-common-4.9.11-9.module+el8.8.0+20825+52dd1628', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ipa-server-dns-4.9.11-9.module+el8.8.0+20825+52dd1628', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'ipa-server-trust-ad-4.9.11-9.module+el8.8.0+20825+52dd1628', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'opendnssec-2.1.7-1.module+el8.4.0+9007+5084bdd8', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-custodia-0.6.0-3.module+el8.1.0+4098+f286395e', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-ipaclient-4.9.11-9.module+el8.8.0+20825+52dd1628', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-ipalib-4.9.11-9.module+el8.8.0+20825+52dd1628', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-ipaserver-4.9.11-9.module+el8.8.0+20825+52dd1628', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-ipatests-4.9.11-9.module+el8.8.0+20825+52dd1628', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-jwcrypto-0.5.0-1.1.module+el8.7.0+15842+306cbc83', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-kdcproxy-0.4-5.module+el8.2.0+4691+a05b2456', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-pyusb-1.0.0-9.1.module+el8.7.0+15691+2b2c1dd5', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-qrcode-5.1-12.module+el8.1.0+4098+f286395e', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-qrcode-core-5.1-12.module+el8.1.0+4098+f286395e', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'python3-yubico-1.3.2-9.1.module+el8.7.0+15691+2b2c1dd5', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'slapi-nis-0.60.0-4.module+el8.8.0+20635+330e3683', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'softhsm-2.6.0-5.module+el8.4.0+10227+076cd560', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
{'reference':'softhsm-devel-2.6.0-5.module+el8.4.0+10227+076cd560', 'sp':'8', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
]
}
]
};
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:appstreams, appstreams:TRUE);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var module_ver = get_kb_item('Host/RedHat/appstream/idm');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module idm:DL1');
if ('DL1' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module idm:' + module_ver);
var flag = 0;
var appstreams_found = 0;
foreach var module (keys(appstreams)) {
var appstream = NULL;
var appstream_name = NULL;
var appstream_version = NULL;
var appstream_split = split(module, sep:':', keep:FALSE);
if (!empty_or_null(appstream_split)) {
appstream_name = appstream_split[0];
appstream_version = appstream_split[1];
if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);
}
if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
appstreams_found++;
foreach var module_array ( appstreams[module] ) {
var repo_relative_urls = NULL;
if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];
foreach var package_array ( module_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
if (!empty_or_null(package_array['release'])) _release = 'RHEL' + package_array['release'];
if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
}
}
if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module idm:DL1');
if (flag)
{
var subscription_caveat = '\n' +
'NOTE: This vulnerability check contains fixes that apply to\n' +
'packages only available in the Red Hat Enterprise Linux\n' +
'Extended Update Support repository.\n' +
'Access to this repository requires a paid RHEL subscription.\n';
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = subscription_caveat + rpm_report_get() + redhat_report_repo_caveat();
else extra = subscription_caveat + rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'bind-dyndb-ldap / custodia / ipa-client / ipa-client-common / etc');
}
| Vendor | Product | Version | CPE |
|---|---|---|---|
| redhat | enterprise_linux | softhsm-devel | p-cpe:/a:redhat:enterprise_linux:softhsm-devel |
| redhat | enterprise_linux | opendnssec | p-cpe:/a:redhat:enterprise_linux:opendnssec |
| redhat | enterprise_linux | ipa | p-cpe:/a:redhat:enterprise_linux:ipa |
| redhat | enterprise_linux | python3-ipaserver | p-cpe:/a:redhat:enterprise_linux:python3-ipaserver |
| redhat | enterprise_linux | ipa-server-dns | p-cpe:/a:redhat:enterprise_linux:ipa-server-dns |
| redhat | enterprise_linux | ipa-common | p-cpe:/a:redhat:enterprise_linux:ipa-common |
| redhat | enterprise_linux | ipa-server-trust-ad | p-cpe:/a:redhat:enterprise_linux:ipa-server-trust-ad |
| redhat | enterprise_linux | python3-jwcrypto | p-cpe:/a:redhat:enterprise_linux:python3-jwcrypto |
| redhat | enterprise_linux | slapi-nis | p-cpe:/a:redhat:enterprise_linux:slapi-nis |
| redhat | enterprise_linux | ipa-client | p-cpe:/a:redhat:enterprise_linux:ipa-client |
References
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17049
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5455
www.nessus.org/u?ce3848dd
access.redhat.com/errata/RHSA-2024:0137
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=2025721
bugzilla.redhat.com/show_bug.cgi?id=2242828
Related
nessus
nessus
CentOS 8 : idm:DL1 (CESA-2024:0143)
2024-01-10 00:00:00
RHEL 8 : idm:DL1 (RHSA-2024:0143)
2024-01-10 00:00:00
RHEL 8 : krb5 (RHSA-2024:0252)
2024-01-15 00:00:00
rocky
rocky
idm:DL1 security update
2024-01-12 19:57:42
osv
osv
Moderate: idm:DL1 security update
2024-01-10 00:00:00
Moderate: idm:DL1 security update
2024-01-12 19:57:42
Moderate: krb5 security, bug fix, and enhancement update
2023-05-09 00:00:00
redhat
redhat
(RHSA-2024:0143) Moderate: idm:DL1 security update
2024-01-10 12:30:55
(RHSA-2024:0139) Moderate: idm:DL1 security update
2024-01-10 12:29:21
(RHSA-2024:0137) Moderate: idm:DL1 security update
2024-01-10 12:11:25
almalinux
almalinux
Moderate: idm:DL1 security update
2024-01-10 00:00:00
Moderate: krb5 security, bug fix, and enhancement update
2023-05-09 00:00:00
Moderate: ipa security update
2024-01-10 00:00:00
oraclelinux
oraclelinux
idm:DL1 security update
2024-01-12 00:00:00
krb5 security, bug fix, and enhancement update
2023-05-15 00:00:00
ipa security update
2024-01-11 00:00:00
mskb
mskb
July 13, 2021 Public preview security update (KB5004243)
2021-06-02 00:00:00
June 8, 2021 Public preview security update (KB5003645)
2021-05-05 00:00:00
March 9, 2021—KB5000856 (Security-only update)
2021-03-09 08:00:00
prion
prion
Security feature bypass
2020-11-11 07:15:00
Cross site request forgery (csrf)
2024-01-10 13:15:00
cbl_mariner
cbl_mariner
CVE-2020-17049 affecting package samba 4.12.5-6
2024-06-07 16:01:28
cvelist
cvelist
CVE-2020-17049 Kerberos KDC Security Feature Bypass Vulnerability
2020-11-11 00:00:00
CVE-2023-5455 Ipa: invalid csrf protection
2024-01-10 12:33:00
altlinux
altlinux
Security fix for the ALT Linux 10 package samba version 4.14.9-alt1
2021-11-01 00:00:00
redhatcve
redhatcve
CVE-2020-17049
2021-11-22 20:20:39
CVE-2023-5455
2024-01-10 12:32:40
attackerkb
attackerkb
CVE-2020-17049
2020-11-11 00:00:00
nvd
nvd
CVE-2020-17049
2020-11-11 07:15:16
CVE-2023-5455
2024-01-10 13:15:48
cve
cve
CVE-2020-17049
2020-11-11 07:15:16
CVE-2023-5455
2024-01-10 13:15:48
openvas
openvas
Samba Security Feature Bypass Vulnerability (CVE-2020-17049)
2021-10-28 00:00:00
Fedora: Security Advisory for freeipa (FEDORA-2024-403145c4fb)
2024-01-26 00:00:00
Fedora: Security Advisory for freeipa (FEDORA-2024-9ab2666594)
2024-01-26 00:00:00
msrc
msrc
Kerberos KDC の脆弱性 (CVE-2020-17049) に対応するためのガイダンス
2020-11-19 08:00:00
mscve
mscve
Kerberos KDC Security Feature Bypass Vulnerability
2020-11-10 08:00:00
amazon
amazon
Medium: ipa
2024-02-15 03:52:00
Important: samba
2022-12-01 17:33:00
debiancve
debiancve
CVE-2023-5455
2024-01-10 13:15:48
redos
redos
ROS-20240402-09
2024-04-02 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: freeipa-4.11.1-1.fc39
2024-01-26 00:38:32
[SECURITY] Fedora 38 Update: freeipa-4.10.3-1.fc38
2024-01-26 00:43:14
ubuntucve
ubuntucve
CVE-2023-5455
2024-01-10 00:00:00
centos
centos
ipa, python2 security update
2024-01-12 19:09:24
suse
suse
Security update for samba and ldb (important)
2021-11-10 00:00:00
kaspersky
kaspersky
KLA12003 Multiple vulnerabilities in Microsoft Products (ESU)
2020-11-10 00:00:00
KLA12004 Multiple vulnerabilities in Microsoft Windows
2020-11-10 00:00:00
gentoo
gentoo
Samba: Multiple Vulnerabilities
2023-09-17 00:00:00
avleonov
avleonov
6.6 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C
7.6 High
AI Score
Confidence
High
9 High
CVSS2
Access Vector
Access Complexity
Authentication
SINGLE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:S/C:C/I:C/A:C
0.027 Low
EPSS
Percentile
90.6%
Related for REDHAT-RHSA-2024-0137.NASL