7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.8 High
AI Score
Confidence
High
0.052 Low
EPSS
Percentile
93.0%
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1536 advisory.
Red Hat Satellite is a system management solution that allows organizations to configure and maintain their systems without the necessity to provide public Internet access to their servers or other client systems. It performs provisioning and configuration management of predefined standard operating environments.
Security Fix(es):
* automation-hub: Ansible Automation Hub: insecure galaxy-importer tarfile extraction (CVE-2023-5189)
* python-aiohttp: aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)
* python-aiohttp: http request smuggling (CVE-2024-23829)
* python-aiohttp: numerous issues in HTTP parser with header parsing (CVE-2023-47627)
* python-aiohttp: aiohttp: HTTP request modification (CVE-2023-49081)
* python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)
* python-jinja2: jinja2: HTML attribute injection when passing user input as keys to xmlattr filter (CVE-2024-22195)
Bug Fix(es):
2266107 - hammer host list does not print parameters even if they are present in the fields list like LCE and CVs.
2266110 - Incremental update of *multiple* CVs with same repo of different content generates wrong katello content 2266139 - Failed incremental CV import shows error: duplicate key value violates unique constraint rpm_updatecollectionname_name_update_record_id_6ef33bed_uniq 2266140 - wrong links to provisioning guide in CR help 2266142 - When using the customer data (json) with 13 diff conf files, we can see some weird behavior when updating the hypervisors 2266144 - Promoting a composite content view to environment with registry name as <%= lifecycle_environment.label %>/<%= repository.name %> on Red Hat Satellite 6 fails with 'undefined method '#label' for NilClass::Jail (NilClass)' 2266145 - CertificateCleanupJob fails with foreign key constraint violation on table cp_certificate 2266146 - katello:reimport fails with TypeError: no implicit conversion of String into Integer when there are product contents to move 2266147 - Postgresql logs contain PG::UniqueViolation: ERROR: duplicate key value violates unique constraint katello_available_module_streams_name_stream_context 2266148 - Adding a CV to a CCV lists CV versions disorderly 2266149 - 'Remove orphans' task fails on DeleteOrphanAlternateContentSources step 2266413 - [RFE] Add content view window and Update version window should display content view version, description and publishing date 2266113 - [RFE] To make customers aware about satellite versions going EOL by adding warning banner on the Login page or on the Dashboard page.
2266141 - wrong link to scap content documentation Users of Red Hat Satellite are advised to upgrade to these updated packages, which fix these bugs.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2024:1536. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(194355);
script_version("1.1");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");
script_cve_id(
"CVE-2023-5189",
"CVE-2023-43665",
"CVE-2023-47627",
"CVE-2023-49081",
"CVE-2024-22195",
"CVE-2024-23334",
"CVE-2024-23829"
);
script_xref(name:"RHSA", value:"2024:1536");
script_name(english:"RHEL 8 : Satellite 6.14.3 Async Security Update (Moderate) (RHSA-2024:1536)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2024:1536 advisory.
Red Hat Satellite is a system management solution that allows organizations
to configure and maintain their systems without the necessity to provide
public Internet access to their servers or other client systems. It
performs provisioning and configuration management of predefined standard
operating environments.
Security Fix(es):
* automation-hub: Ansible Automation Hub: insecure galaxy-importer tarfile extraction (CVE-2023-5189)
* python-aiohttp: aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)
* python-aiohttp: http request smuggling (CVE-2024-23829)
* python-aiohttp: numerous issues in HTTP parser with header parsing (CVE-2023-47627)
* python-aiohttp: aiohttp: HTTP request modification (CVE-2023-49081)
* python-django: Denial-of-service possibility in django.utils.text.Truncator (CVE-2023-43665)
* python-jinja2: jinja2: HTML attribute injection when passing user input as keys to xmlattr filter
(CVE-2024-22195)
Bug Fix(es):
2266107 - hammer host list does not print parameters even if they are present in the fields list like LCE
and CVs.
2266110 - Incremental update of *multiple* CVs with same repo of different content generates wrong katello
content
2266139 - Failed incremental CV import shows error: duplicate key value violates unique constraint
rpm_updatecollectionname_name_update_record_id_6ef33bed_uniq
2266140 - wrong links to provisioning guide in CR help
2266142 - When using the customer data (json) with 13 diff conf files, we can see some weird behavior when
updating the hypervisors
2266144 - Promoting a composite content view to environment with registry name as <%=
lifecycle_environment.label %>/<%= repository.name %> on Red Hat Satellite 6 fails with 'undefined
method '#label' for NilClass::Jail (NilClass)'
2266145 - CertificateCleanupJob fails with foreign key constraint violation on table cp_certificate
2266146 - katello:reimport fails with TypeError: no implicit conversion of String into Integer when
there are product contents to move
2266147 - Postgresql logs contain PG::UniqueViolation: ERROR: duplicate key value violates unique
constraint katello_available_module_streams_name_stream_context
2266148 - Adding a CV to a CCV lists CV versions disorderly
2266149 - 'Remove orphans' task fails on DeleteOrphanAlternateContentSources step
2266413 - [RFE] Add content view window and Update version window should display content view version,
description and publishing date
2266113 - [RFE] To make customers aware about satellite versions going EOL by adding warning banner on the
Login page or on the Dashboard page.
2266141 - wrong link to scap content documentation
Users of Red Hat Satellite are advised to upgrade to these updated
packages, which fix these bugs.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
# https://access.redhat.com/documentation/en-us/red_hat_satellite/6.14/html/upgrading_and_updating_red_hat_satellite/index
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?ae033dc0");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2234387");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2241046");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2249825");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2252235");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2257854");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2261887");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2261909");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266107");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266110");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266113");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266139");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266140");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266141");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266142");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266144");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266145");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266146");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266147");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266148");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266149");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266413");
# https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1536.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?21f76942");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2024:1536");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-23334");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(20, 22, 79, 444, 1333);
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/10/05");
script_set_attribute(attribute:"patch_publication_date", value:"2024/03/27");
script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/28");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-aiohttp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-django");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-galaxy-importer");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-jinja2");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python39-aiohttp");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python39-django");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python39-galaxy-importer");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python39-jinja2");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/layered/rhel8/x86_64/sat-capsule/6.14/debug',
'content/dist/layered/rhel8/x86_64/sat-capsule/6.14/os',
'content/dist/layered/rhel8/x86_64/sat-capsule/6.14/source/SRPMS',
'content/dist/layered/rhel8/x86_64/satellite/6.14/debug',
'content/dist/layered/rhel8/x86_64/satellite/6.14/os',
'content/dist/layered/rhel8/x86_64/satellite/6.14/source/SRPMS'
],
'pkgs': [
{'reference':'python39-aiohttp-3.9.2-0.1.el8pc', 'cpu':'x86_64', 'release':'8', 'el_string':'el8pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2023-47627', 'CVE-2023-49081', 'CVE-2024-23334', 'CVE-2024-23829']},
{'reference':'python39-django-3.2.22-1.el8pc', 'release':'8', 'el_string':'el8pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2023-43665']},
{'reference':'python39-galaxy-importer-0.4.18-2.el8pc', 'release':'8', 'el_string':'el8pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2023-5189']},
{'reference':'python39-jinja2-3.1.3-0.1.el8pc', 'release':'8', 'el_string':'el8pc', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'satellite-6', 'cves':['CVE-2024-22195']}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_HOLE,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'python39-aiohttp / python39-django / python39-galaxy-importer / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | python39-aiohttp | p-cpe:/a:redhat:enterprise_linux:python39-aiohttp |
redhat | enterprise_linux | python-galaxy-importer | p-cpe:/a:redhat:enterprise_linux:python-galaxy-importer |
redhat | enterprise_linux | python-aiohttp | p-cpe:/a:redhat:enterprise_linux:python-aiohttp |
redhat | enterprise_linux | python39-jinja2 | p-cpe:/a:redhat:enterprise_linux:python39-jinja2 |
redhat | enterprise_linux | python-django | p-cpe:/a:redhat:enterprise_linux:python-django |
redhat | enterprise_linux | python39-galaxy-importer | p-cpe:/a:redhat:enterprise_linux:python39-galaxy-importer |
redhat | enterprise_linux | python-jinja2 | p-cpe:/a:redhat:enterprise_linux:python-jinja2 |
redhat | enterprise_linux | python39-django | p-cpe:/a:redhat:enterprise_linux:python39-django |
redhat | enterprise_linux | 8 | cpe:/o:redhat:enterprise_linux:8 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-43665
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-47627
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-49081
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-5189
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22195
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23334
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-23829
www.nessus.org/u?21f76942
www.nessus.org/u?ae033dc0
access.redhat.com/errata/RHSA-2024:1536
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=2234387
bugzilla.redhat.com/show_bug.cgi?id=2241046
bugzilla.redhat.com/show_bug.cgi?id=2249825
bugzilla.redhat.com/show_bug.cgi?id=2252235
bugzilla.redhat.com/show_bug.cgi?id=2257854
bugzilla.redhat.com/show_bug.cgi?id=2261887
bugzilla.redhat.com/show_bug.cgi?id=2261909
bugzilla.redhat.com/show_bug.cgi?id=2266107
bugzilla.redhat.com/show_bug.cgi?id=2266110
bugzilla.redhat.com/show_bug.cgi?id=2266113
bugzilla.redhat.com/show_bug.cgi?id=2266139
bugzilla.redhat.com/show_bug.cgi?id=2266140
bugzilla.redhat.com/show_bug.cgi?id=2266141
bugzilla.redhat.com/show_bug.cgi?id=2266142
bugzilla.redhat.com/show_bug.cgi?id=2266144
bugzilla.redhat.com/show_bug.cgi?id=2266145
bugzilla.redhat.com/show_bug.cgi?id=2266146
bugzilla.redhat.com/show_bug.cgi?id=2266147
bugzilla.redhat.com/show_bug.cgi?id=2266148
bugzilla.redhat.com/show_bug.cgi?id=2266149
bugzilla.redhat.com/show_bug.cgi?id=2266413
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
7.8 High
AI Score
Confidence
High
0.052 Low
EPSS
Percentile
93.0%