Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.REDHAT-RHSA-2024-1640.NASL
HistoryApr 09, 2024 - 12:00 a.m.

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:1640)

2024-04-0900:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
20
rhel 8
rhel 9
ansible
security update
vulnerabilities
denial of service
resource consumption
local file inclusion
exposure of confidential data
http parser
memory leaks
directory traversal
http request smuggling
denial-of-service
regular expression

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.5 High

AI Score

Confidence

High

0.052 Low

EPSS

Percentile

93.0%

JSON

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:1640 advisory.

Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing     IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to     individual teams, while automation developers retain the freedom to write tasks that leverage existing     knowledge without the overhead. Ansible Automation Platform makes it possible for users across an     organization to share, vet, and manage automation content by means of a simple, powerful, and agentless     language.

Security Fix(es):

* automation-controller: Django: denial-of-service in 'intcomma' template filter (CVE-2024-24680)
* automation-controller: aiohttp: http request smuggling (CVE-2024-23829)
* automation-controller: aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)
* automation-controller: Jinja2: HTML attribute injection when passing user input as keys to xmlattr     filter (CVE-2024-22195)
* automation-controller: cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083)
* automation-controller: aiohttp: numerous issues in HTTP parser with header parsing (CVE-2023-47627)
* automation-controller: Twisted: disordered HTTP pipeline response in twisted.web (CVE-2023-46137)
* automation-controller: axios: exposure of confidential data stored in cookies (CVE-2023-45857)
* automation-controller: GitPython: Blind local file inclusion (CVE-2023-41040)
* python3-aiohttp/python39-aiohttp: http request smuggling (CVE-2024-23829)
* python3-aiohttp/python39-aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)
* python3-django/python39-django: Potential regular expression denial-of-service in     django.utils.text.Truncator.words() (CVE-2024-27351)
* receptor: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads     (CVE-2024-1394)
* receptor: golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests     (CVE-2023-39326)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

Updates and fixes for automation controller:
* Fixed bug where schedule prompted variables and survey answers were reset on edit when changing one of     the basic form fields (AAP-20967)
* Fixed the update execution environment image to no longer fail jobs that use the previous image     (AAP-21733)
* Removed string validation using comparisons of English literals for comparison, replacing validation     with error/op codes as a universal approach to validation and comparison (AAP-21721)
* Fixed dispatcher to appropriately terminate child processes when dispatcher terminates (AAP-21049)
* Fixed upgrade from Ansible Tower 3.8.6 to AAP 2.4 to no longer fail upon database schema migration     (AAP-19738)
* automation-controller has been updated to 4.5.5

Updates and fixes for receptor:
* Fixes a receptor dialing issue where the connection attempt is timed out too aggressively (AAP-21838,     AAP-21828)
* receptor has been updated to 1.4.5

Additional fixes:
* ansible-core has been updated to 2.15.10
* ansible-runner has been updated to 2.3.6
* python3-aiohttp/python39-aiohttp has been updated to 3.9.3
* python3-django/python39-django has been updated  4.2.11
* python3-pulpcore/python39-pulpcore has been updated 3.28.24

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2024:1640. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(193086);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");

  script_cve_id(
    "CVE-2023-39326",
    "CVE-2023-41040",
    "CVE-2023-45857",
    "CVE-2023-46137",
    "CVE-2023-47627",
    "CVE-2023-49083",
    "CVE-2024-1394",
    "CVE-2024-22195",
    "CVE-2024-23334",
    "CVE-2024-23829",
    "CVE-2024-24680",
    "CVE-2024-27351"
  );
  script_xref(name:"IAVA", value:"2024-A-0126");
  script_xref(name:"RHSA", value:"2024:1640");

  script_name(english:"RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:1640)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2024:1640 advisory.

    Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing
    IT automation at scale. IT Managers can provide top-down guidelines on how automation is applied to
    individual teams, while automation developers retain the freedom to write tasks that leverage existing
    knowledge without the overhead. Ansible Automation Platform makes it possible for users across an
    organization to share, vet, and manage automation content by means of a simple, powerful, and agentless
    language.

    Security Fix(es):

    * automation-controller: Django: denial-of-service in 'intcomma' template filter (CVE-2024-24680)
    * automation-controller: aiohttp: http request smuggling (CVE-2024-23829)
    * automation-controller: aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)
    * automation-controller: Jinja2: HTML attribute injection when passing user input as keys to xmlattr
    filter (CVE-2024-22195)
    * automation-controller: cryptography: NULL-dereference when loading PKCS7 certificates (CVE-2023-49083)
    * automation-controller: aiohttp: numerous issues in HTTP parser with header parsing (CVE-2023-47627)
    * automation-controller: Twisted: disordered HTTP pipeline response in twisted.web (CVE-2023-46137)
    * automation-controller: axios: exposure of confidential data stored in cookies (CVE-2023-45857)
    * automation-controller: GitPython: Blind local file inclusion (CVE-2023-41040)
    * python3-aiohttp/python39-aiohttp: http request smuggling (CVE-2024-23829)
    * python3-aiohttp/python39-aiohttp: follow_symlinks directory traversal vulnerability (CVE-2024-23334)
    * python3-django/python39-django: Potential regular expression denial-of-service in
    django.utils.text.Truncator.words() (CVE-2024-27351)
    * receptor: golang-fips/openssl: Memory leaks in code encrypting and decrypting RSA payloads
    (CVE-2024-1394)
    * receptor: golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests
    (CVE-2023-39326)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and
    other related information, refer to the CVE page(s) listed in the References section.

    Updates and fixes for automation controller:
    * Fixed bug where schedule prompted variables and survey answers were reset on edit when changing one of
    the basic form fields (AAP-20967)
    * Fixed the update execution environment image to no longer fail jobs that use the previous image
    (AAP-21733)
    * Removed string validation using comparisons of English literals for comparison, replacing validation
    with error/op codes as a universal approach to validation and comparison (AAP-21721)
    * Fixed dispatcher to appropriately terminate child processes when dispatcher terminates (AAP-21049)
    * Fixed upgrade from Ansible Tower 3.8.6 to AAP 2.4 to no longer fail upon database schema migration
    (AAP-19738)
    * automation-controller has been updated to 4.5.5

    Updates and fixes for receptor:
    * Fixes a receptor dialing issue where the connection attempt is timed out too aggressively (AAP-21838,
    AAP-21828)
    * receptor has been updated to 1.4.5

    Additional fixes:
    * ansible-core has been updated to 2.15.10
    * ansible-runner has been updated to 2.3.6
    * python3-aiohttp/python39-aiohttp has been updated to 3.9.3
    * python3-django/python39-django has been updated  4.2.11
    * python3-pulpcore/python39-pulpcore has been updated 3.28.24

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2246264");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2247040");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2248979");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2249825");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2253330");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2255331");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2257854");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2261856");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2261887");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2261909");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2262921");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2266045");
  # https://access.redhat.com/security/data/csaf/v2/advisories/2024/rhsa-2024_1640.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?0cce9392");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2024:1640");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-23334");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(22, 79, 200, 400, 401, 444, 476, 1333);
  script_set_attribute(attribute:"vendor_severity", value:"Moderate");

  script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/26");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/04/02");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/04/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:9");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:automation-controller-venv-tower");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-aiohttp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python-django");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-aiohttp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3-django");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python39-aiohttp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python39-django");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3x-aiohttp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:python3x-django");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:receptor");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:receptorctl");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['8','9'])) audit(AUDIT_OS_NOT, 'Red Hat 8.x / 9.x', 'Red Hat ' + os_ver);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = [
  {
    'repo_relative_urls': [
      'content/dist/layered/rhel8/aarch64/ansible-automation-platform/2.4/debug',
      'content/dist/layered/rhel8/aarch64/ansible-automation-platform/2.4/os',
      'content/dist/layered/rhel8/aarch64/ansible-automation-platform/2.4/source/SRPMS',
      'content/dist/layered/rhel8/aarch64/ansible-developer/1.1/debug',
      'content/dist/layered/rhel8/aarch64/ansible-developer/1.1/os',
      'content/dist/layered/rhel8/aarch64/ansible-developer/1.1/source/SRPMS',
      'content/dist/layered/rhel8/aarch64/ansible-inside/1.2/debug',
      'content/dist/layered/rhel8/aarch64/ansible-inside/1.2/os',
      'content/dist/layered/rhel8/aarch64/ansible-inside/1.2/source/SRPMS',
      'content/dist/layered/rhel8/ppc64le/ansible-automation-platform/2.4/debug',
      'content/dist/layered/rhel8/ppc64le/ansible-automation-platform/2.4/os',
      'content/dist/layered/rhel8/ppc64le/ansible-automation-platform/2.4/source/SRPMS',
      'content/dist/layered/rhel8/ppc64le/ansible-developer/1.1/debug',
      'content/dist/layered/rhel8/ppc64le/ansible-developer/1.1/os',
      'content/dist/layered/rhel8/ppc64le/ansible-developer/1.1/source/SRPMS',
      'content/dist/layered/rhel8/ppc64le/ansible-inside/1.2/debug',
      'content/dist/layered/rhel8/ppc64le/ansible-inside/1.2/os',
      'content/dist/layered/rhel8/ppc64le/ansible-inside/1.2/source/SRPMS',
      'content/dist/layered/rhel8/s390x/ansible-automation-platform/2.4/debug',
      'content/dist/layered/rhel8/s390x/ansible-automation-platform/2.4/os',
      'content/dist/layered/rhel8/s390x/ansible-automation-platform/2.4/source/SRPMS',
      'content/dist/layered/rhel8/s390x/ansible-developer/1.1/debug',
      'content/dist/layered/rhel8/s390x/ansible-developer/1.1/os',
      'content/dist/layered/rhel8/s390x/ansible-developer/1.1/source/SRPMS',
      'content/dist/layered/rhel8/s390x/ansible-inside/1.2/debug',
      'content/dist/layered/rhel8/s390x/ansible-inside/1.2/os',
      'content/dist/layered/rhel8/s390x/ansible-inside/1.2/source/SRPMS',
      'content/dist/layered/rhel8/x86_64/ansible-automation-platform/2.4/debug',
      'content/dist/layered/rhel8/x86_64/ansible-automation-platform/2.4/os',
      'content/dist/layered/rhel8/x86_64/ansible-automation-platform/2.4/source/SRPMS',
      'content/dist/layered/rhel8/x86_64/ansible-developer/1.1/debug',
      'content/dist/layered/rhel8/x86_64/ansible-developer/1.1/os',
      'content/dist/layered/rhel8/x86_64/ansible-developer/1.1/source/SRPMS',
      'content/dist/layered/rhel8/x86_64/ansible-inside/1.2/debug',
      'content/dist/layered/rhel8/x86_64/ansible-inside/1.2/os',
      'content/dist/layered/rhel8/x86_64/ansible-inside/1.2/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'receptor-1.4.5-1.el8ap', 'release':'8', 'el_string':'el8ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.4', 'cves':['CVE-2023-39326', 'CVE-2024-1394']},
      {'reference':'receptorctl-1.4.5-1.el8ap', 'release':'8', 'el_string':'el8ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.4', 'cves':['CVE-2023-39326', 'CVE-2024-1394']}
    ]
  },
  {
    'repo_relative_urls': [
      'content/dist/layered/rhel8/aarch64/ansible-automation-platform/2.4/debug',
      'content/dist/layered/rhel8/aarch64/ansible-automation-platform/2.4/os',
      'content/dist/layered/rhel8/aarch64/ansible-automation-platform/2.4/source/SRPMS',
      'content/dist/layered/rhel8/ppc64le/ansible-automation-platform/2.4/debug',
      'content/dist/layered/rhel8/ppc64le/ansible-automation-platform/2.4/os',
      'content/dist/layered/rhel8/ppc64le/ansible-automation-platform/2.4/source/SRPMS',
      'content/dist/layered/rhel8/s390x/ansible-automation-platform/2.4/debug',
      'content/dist/layered/rhel8/s390x/ansible-automation-platform/2.4/os',
      'content/dist/layered/rhel8/s390x/ansible-automation-platform/2.4/source/SRPMS',
      'content/dist/layered/rhel8/x86_64/ansible-automation-platform/2.4/debug',
      'content/dist/layered/rhel8/x86_64/ansible-automation-platform/2.4/os',
      'content/dist/layered/rhel8/x86_64/ansible-automation-platform/2.4/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'automation-controller-venv-tower-4.5.5-2.el8ap', 'release':'8', 'el_string':'el8ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.4', 'cves':['CVE-2023-41040', 'CVE-2023-45857', 'CVE-2023-46137', 'CVE-2023-47627', 'CVE-2023-49083', 'CVE-2024-22195', 'CVE-2024-23334', 'CVE-2024-23829', 'CVE-2024-24680']},
      {'reference':'python39-aiohttp-3.9.3-1.el8ap', 'release':'8', 'el_string':'el8ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.4', 'cves':['CVE-2024-23334', 'CVE-2024-23829']},
      {'reference':'python39-django-4.2.11-1.el8ap', 'release':'8', 'el_string':'el8ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.4', 'cves':['CVE-2024-27351']}
    ]
  },
  {
    'repo_relative_urls': [
      'content/dist/layered/rhel9/aarch64/ansible-automation-platform/2.4/debug',
      'content/dist/layered/rhel9/aarch64/ansible-automation-platform/2.4/os',
      'content/dist/layered/rhel9/aarch64/ansible-automation-platform/2.4/source/SRPMS',
      'content/dist/layered/rhel9/aarch64/ansible-developer/1.1/debug',
      'content/dist/layered/rhel9/aarch64/ansible-developer/1.1/os',
      'content/dist/layered/rhel9/aarch64/ansible-developer/1.1/source/SRPMS',
      'content/dist/layered/rhel9/aarch64/ansible-inside/1.2/debug',
      'content/dist/layered/rhel9/aarch64/ansible-inside/1.2/os',
      'content/dist/layered/rhel9/aarch64/ansible-inside/1.2/source/SRPMS',
      'content/dist/layered/rhel9/ppc64le/ansible-automation-platform/2.4/debug',
      'content/dist/layered/rhel9/ppc64le/ansible-automation-platform/2.4/os',
      'content/dist/layered/rhel9/ppc64le/ansible-automation-platform/2.4/source/SRPMS',
      'content/dist/layered/rhel9/ppc64le/ansible-developer/1.1/debug',
      'content/dist/layered/rhel9/ppc64le/ansible-developer/1.1/os',
      'content/dist/layered/rhel9/ppc64le/ansible-developer/1.1/source/SRPMS',
      'content/dist/layered/rhel9/ppc64le/ansible-inside/1.2/debug',
      'content/dist/layered/rhel9/ppc64le/ansible-inside/1.2/os',
      'content/dist/layered/rhel9/ppc64le/ansible-inside/1.2/source/SRPMS',
      'content/dist/layered/rhel9/s390x/ansible-automation-platform/2.4/debug',
      'content/dist/layered/rhel9/s390x/ansible-automation-platform/2.4/os',
      'content/dist/layered/rhel9/s390x/ansible-automation-platform/2.4/source/SRPMS',
      'content/dist/layered/rhel9/s390x/ansible-developer/1.1/debug',
      'content/dist/layered/rhel9/s390x/ansible-developer/1.1/os',
      'content/dist/layered/rhel9/s390x/ansible-developer/1.1/source/SRPMS',
      'content/dist/layered/rhel9/s390x/ansible-inside/1.2/debug',
      'content/dist/layered/rhel9/s390x/ansible-inside/1.2/os',
      'content/dist/layered/rhel9/s390x/ansible-inside/1.2/source/SRPMS',
      'content/dist/layered/rhel9/x86_64/ansible-automation-platform/2.4/debug',
      'content/dist/layered/rhel9/x86_64/ansible-automation-platform/2.4/os',
      'content/dist/layered/rhel9/x86_64/ansible-automation-platform/2.4/source/SRPMS',
      'content/dist/layered/rhel9/x86_64/ansible-developer/1.1/debug',
      'content/dist/layered/rhel9/x86_64/ansible-developer/1.1/os',
      'content/dist/layered/rhel9/x86_64/ansible-developer/1.1/source/SRPMS',
      'content/dist/layered/rhel9/x86_64/ansible-inside/1.2/debug',
      'content/dist/layered/rhel9/x86_64/ansible-inside/1.2/os',
      'content/dist/layered/rhel9/x86_64/ansible-inside/1.2/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'receptor-1.4.5-1.el9ap', 'release':'9', 'el_string':'el9ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.4', 'cves':['CVE-2023-39326', 'CVE-2024-1394']},
      {'reference':'receptorctl-1.4.5-1.el9ap', 'release':'9', 'el_string':'el9ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.4', 'cves':['CVE-2023-39326', 'CVE-2024-1394']}
    ]
  },
  {
    'repo_relative_urls': [
      'content/dist/layered/rhel9/aarch64/ansible-automation-platform/2.4/debug',
      'content/dist/layered/rhel9/aarch64/ansible-automation-platform/2.4/os',
      'content/dist/layered/rhel9/aarch64/ansible-automation-platform/2.4/source/SRPMS',
      'content/dist/layered/rhel9/ppc64le/ansible-automation-platform/2.4/debug',
      'content/dist/layered/rhel9/ppc64le/ansible-automation-platform/2.4/os',
      'content/dist/layered/rhel9/ppc64le/ansible-automation-platform/2.4/source/SRPMS',
      'content/dist/layered/rhel9/s390x/ansible-automation-platform/2.4/debug',
      'content/dist/layered/rhel9/s390x/ansible-automation-platform/2.4/os',
      'content/dist/layered/rhel9/s390x/ansible-automation-platform/2.4/source/SRPMS',
      'content/dist/layered/rhel9/x86_64/ansible-automation-platform/2.4/debug',
      'content/dist/layered/rhel9/x86_64/ansible-automation-platform/2.4/os',
      'content/dist/layered/rhel9/x86_64/ansible-automation-platform/2.4/source/SRPMS'
    ],
    'pkgs': [
      {'reference':'automation-controller-venv-tower-4.5.5-2.el9ap', 'release':'9', 'el_string':'el9ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.4', 'cves':['CVE-2023-41040', 'CVE-2023-45857', 'CVE-2023-46137', 'CVE-2023-47627', 'CVE-2023-49083', 'CVE-2024-22195', 'CVE-2024-23334', 'CVE-2024-23829', 'CVE-2024-24680']},
      {'reference':'python3-aiohttp-3.9.3-1.el9ap', 'release':'9', 'el_string':'el9ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.4', 'cves':['CVE-2024-23334', 'CVE-2024-23829']},
      {'reference':'python3-django-4.2.11-1.el9ap', 'release':'9', 'el_string':'el9ap', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'automation-hub-2.4', 'cves':['CVE-2024-27351']}
    ]
  }
];

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var flag = 0;
foreach var constraint_array ( constraints ) {
  var repo_relative_urls = NULL;
  if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
  foreach var pkg ( constraint_array['pkgs'] ) {
    var reference = NULL;
    var _release = NULL;
    var sp = NULL;
    var _cpu = NULL;
    var el_string = NULL;
    var rpm_spec_vers_cmp = NULL;
    var epoch = NULL;
    var allowmaj = NULL;
    var exists_check = NULL;
    var cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        _release &&
        rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
        (applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
        rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'automation-controller-venv-tower / python3-aiohttp / python3-django / etc');
}
VendorProductVersionCPE
redhatenterprise_linuxpython3-djangop-cpe:/a:redhat:enterprise_linux:python3-django
redhatenterprise_linuxpython3x-djangop-cpe:/a:redhat:enterprise_linux:python3x-django
redhatenterprise_linux9cpe:/o:redhat:enterprise_linux:9
redhatenterprise_linuxpython39-aiohttpp-cpe:/a:redhat:enterprise_linux:python39-aiohttp
redhatenterprise_linuxpython-aiohttpp-cpe:/a:redhat:enterprise_linux:python-aiohttp
redhatenterprise_linuxpython3-aiohttpp-cpe:/a:redhat:enterprise_linux:python3-aiohttp
redhatenterprise_linuxpython3x-aiohttpp-cpe:/a:redhat:enterprise_linux:python3x-aiohttp
redhatenterprise_linuxpython-djangop-cpe:/a:redhat:enterprise_linux:python-django
redhatenterprise_linuxreceptorp-cpe:/a:redhat:enterprise_linux:receptor
redhatenterprise_linuxautomation-controller-venv-towerp-cpe:/a:redhat:enterprise_linux:automation-controller-venv-tower
Rows per page:
1-10 of 131

References

Related

redhat 11
nessus 35
cve 6
debiancve 5
openvas 29
fedora 10
redos 2
osv 20
alpinelinux 2
ubuntucve 7
prion 5
nvd 5
cvelist 5
ibm 11
veracode 5
freebsd 2
ubuntu 2
github 6
githubexploit 7
wolfi 5
redhatcve 6
f5 1
cbl_mariner 1
oraclelinux 2
almalinux 1
cgr 4
attackerkb 1
nuclei 1
debian 1
rocky 1
redhat
redhat
(RHSA-2024:1640) Moderate: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update
2024-04-02 19:19:20
(RHSA-2024:1878) Moderate: RHUI 4.8 Release - Security Updates, Bug Fixes, and Enhancements
2024-04-18 00:58:43
(RHSA-2024:1536) Moderate: Satellite 6.14.3 Async Security Update
2024-03-27 13:14:03
nessus
nessus
Fedora 39 : python-aiohttp (2024-f249b74f03)
2024-02-05 00:00:00
Fedora 38 : python-aiohttp (2024-0ddda4c691)
2024-02-08 00:00:00
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : python-aiohttp, python-time-machine (SUSE-SU-2024:0577-1)
2024-02-22 00:00:00
cve
cve
CVE-2024-23829
2024-01-29 23:15:08
CVE-2023-46137
2023-10-25 21:15:10
CVE-2023-47627
2023-11-14 21:15:12
debiancve
debiancve
CVE-2024-23829
2024-01-29 23:15:08
CVE-2024-24680
2024-02-06 22:16:15
CVE-2023-47627
2023-11-14 21:15:12
openvas
openvas
Fedora: Security Advisory for python-aiohttp (FEDORA-2024-f249b74f03)
2024-02-05 00:00:00
aiohttp < 3.9.2 Multiple Vulnerabilities - Windows
2024-05-03 00:00:00
aiohttp < 3.9.2 Multiple Vulnerabilities - Linux
2024-05-03 00:00:00
fedora
fedora
[SECURITY] Fedora 39 Update: python-django-4.2.11-2.fc39
2024-04-18 01:12:12
[SECURITY] Fedora 39 Update: python-aiohttp-3.9.3-1.fc39
2024-02-05 01:27:09
[SECURITY] Fedora 38 Update: python-aiohttp-3.9.3-1.fc38
2024-02-09 01:52:27
redos
redos
ROS-20240423-07
2024-04-23 00:00:00
ROS-20240410-14
2024-04-10 00:00:00
osv
osv
CVE-2024-23829
2024-01-29 23:15:08
PYSEC-2024-26
2024-01-29 23:15:00
PYSEC-2024-28
2024-02-06 22:16:00
alpinelinux
alpinelinux
CVE-2024-23829
2024-01-29 23:15:08
CVE-2024-23334
2024-01-29 23:15:08
ubuntucve
ubuntucve
CVE-2024-23829
2024-01-29 00:00:00
CVE-2023-46137
2023-10-25 00:00:00
CVE-2024-23334
2024-01-29 00:00:00
prion
prion
Security feature bypass
2024-01-29 23:15:00
Design/Logic Flaw
2023-10-25 21:15:00
Design/Logic Flaw
2024-02-06 22:16:00
nvd
nvd
CVE-2024-23829
2024-01-29 23:15:08
CVE-2024-23334
2024-01-29 23:15:08
CVE-2024-24680
2024-02-06 22:16:15
cvelist
cvelist
CVE-2024-23829 aiohttp's HTTP parser (the python one, not llhttp) still overly lenient about separators
2024-01-29 22:41:35
CVE-2024-24680
2024-02-06 00:00:00
CVE-2023-46137 twisted.web has disordered HTTP pipeline response
2023-10-25 20:56:27
ibm
ibm
Security Bulletin: IBM Storage Fusion HCI is vulnerable to HTTP request smuggling, denial of server due to aiohttp, cryptography.
2024-05-11 16:56:18
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Axios icross-site request forgery, vulnerability ( CVE-2023-45857)
2024-02-05 20:15:49
Security Bulletin: Axios is vulnerable to CVE-2023-45857 used in IBM Maximo Application Suite - Monitor Component
2024-02-27 16:13:47
veracode
veracode
Request Smuggling
2024-01-30 10:19:52
Path Traversal
2024-01-30 07:29:34
HTTP Request Smuggling
2023-11-15 07:35:26
freebsd
freebsd
Django -- multiple vulnerabilities
2024-01-09 00:00:00
Django -- multiple vulnerabilities
2024-02-25 00:00:00
ubuntu
ubuntu
Django vulnerability
2024-03-04 00:00:00
Django vulnerability
2024-02-06 00:00:00
github
github
aiohttp is vulnerable to directory traversal
2024-01-29 22:31:03
Jinja vulnerable to HTML attribute injection when passing user input as keys to xmlattr filter
2024-01-11 15:20:48
AIOHTTP has problems in HTTP parser (the python one, not llhttp)
2023-11-14 22:20:59
githubexploit
githubexploit
Exploit for Path Traversal in Aiohttp
2024-03-17 10:56:02
Exploit for Path Traversal in Aiohttp
2024-03-19 16:28:56
Exploit for Path Traversal in Aiohttp
2024-03-18 20:39:27
wolfi
wolfi
CVE-2024-23334 vulnerabilities
2024-06-22 21:09:10
CVE-2024-24680 vulnerabilities
2024-06-22 21:09:10
CVE-2024-27351 vulnerabilities
2024-06-22 21:09:10
redhatcve
redhatcve
CVE-2023-47627
2023-11-15 18:30:25
CVE-2024-23829
2024-01-30 11:02:10
CVE-2023-49083
2023-12-20 11:10:52
f5
f5
K000139353 : aiohttp vulnerability CVE-2024-23334
2024-04-19 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-49083 affecting package python-cryptography for versions less than 42.0.5-1
2024-03-19 17:21:46
oraclelinux
oraclelinux
python-cryptography security update
2024-03-20 00:00:00
python3.11-cryptography security update
2024-05-02 00:00:00
almalinux
almalinux
Moderate: python3.11-cryptography security update
2024-05-22 00:00:00
cgr
cgr
CVE-2024-24680 vulnerabilities
2024-05-19 03:07:16
CVE-2024-23334 vulnerabilities
2024-05-19 03:07:16
CVE-2023-45857 vulnerabilities
2024-05-19 03:07:16
attackerkb
attackerkb
CVE-2024-23334
2024-01-29 00:00:00
nuclei
nuclei
aiohttp - Directory Traversal
2024-02-28 04:56:41
debian
debian
[SECURITY] [DLA 3715-1] jinja2 security update
2024-01-23 17:31:34
rocky
rocky
python-jinja2 security update
2024-06-14 13:59:30

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.5 High

AI Score

Confidence

High

0.052 Low

EPSS

Percentile

93.0%

JSON
Related for REDHAT-RHSA-2024-1640.NASL
redhat11nessus35cve6debiancve5openvas29fedora10redos2osv20alpinelinux2ubuntucve7prion5nvd5cvelist5ibm11veracode5freebsd2ubuntu2github6githubexploit7wolfi5redhatcve6f51cbl_mariner1oraclelinux2almalinux1cgr4attackerkb1nuclei1debian1rocky1