Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.ROCKY_LINUX_RLSA-2021-4142.NASL
HistoryNov 06, 2023 - 12:00 a.m.

Rocky Linux 8 : pcs (RLSA-2021:4142)

2023-11-0600:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
7
rocky linux 8
vulnerabilities
jquery
object prototypes
cross-site scripting
security advisory

6.8 Medium

AI Score

Confidence

High

JSON

The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2021:4142 advisory.

  • jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true, {}, …) because of Object.prototype pollution. If an unsanitized source object contained an enumerable
    proto property, it could extend the native Object.prototype. (CVE-2019-11358)

  • In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option> elements from untrusted sources - even after sanitizing it - to one of jQuery’s DOM manipulation methods (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
    (CVE-2020-11023)

  • jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to recognize and remove <script> HTML tags that contain a whitespace character, i.e: </script >, which results in the enclosed script logic to be executed. (CVE-2020-7656)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Rocky Linux Security Advisory RLSA-2021:4142.
##

include('compat.inc');

if (description)
{
  script_id(184665);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/11/07");

  script_cve_id("CVE-2019-11358", "CVE-2020-7656", "CVE-2020-11023");
  script_xref(name:"IAVA", value:"2020-A-0495");
  script_xref(name:"RLSA", value:"2021:4142");
  script_xref(name:"CEA-ID", value:"CEA-2021-0025");
  script_xref(name:"CEA-ID", value:"CEA-2021-0004");

  script_name(english:"Rocky Linux 8 : pcs (RLSA-2021:4142)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Rocky Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the
RLSA-2021:4142 advisory.

  - jQuery before 3.4.0, as used in Drupal, Backdrop CMS, and other products, mishandles jQuery.extend(true,
    {}, ...) because of Object.prototype pollution. If an unsanitized source object contained an enumerable
    __proto__ property, it could extend the native Object.prototype. (CVE-2019-11358)

  - In jQuery versions greater than or equal to 1.0.3 and before 3.5.0, passing HTML containing <option>
    elements from untrusted sources - even after sanitizing it - to one of jQuery's DOM manipulation methods
    (i.e. .html(), .append(), and others) may execute untrusted code. This problem is patched in jQuery 3.5.0.
    (CVE-2020-11023)

  - jquery prior to 1.9.0 allows Cross-site Scripting attacks via the load method. The load method fails to
    recognize and remove <script> HTML tags that contain a whitespace character, i.e: </script >, which
    results in the enclosed script logic to be executed. (CVE-2020-7656)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://errata.rockylinux.org/RLSA-2021:4142");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1290830");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1432097");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1678273");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1690419");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1720221");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1759995");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1841019");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1850004");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1850119");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1854238");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1872378");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1885293");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1885302");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1896458");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1909901");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1922996");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1927384");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1927394");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1930886");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1935594");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1984901");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1991654");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1992668");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1998454");
  script_set_attribute(attribute:"solution", value:
"Update the affected pcs and / or pcs-snmp packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2020-7656");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2019/04/09");
  script_set_attribute(attribute:"patch_publication_date", value:"2021/11/09");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/11/06");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:pcs");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:rocky:linux:pcs-snmp");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:rocky:linux:8");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Rocky Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RockyLinux/release", "Host/RockyLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RockyLinux/release');
if (isnull(os_release) || 'Rocky Linux' >!< os_release) audit(AUDIT_OS_NOT, 'Rocky Linux');
var os_ver = pregmatch(pattern: "Rocky(?: Linux)? release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Rocky Linux');
os_ver = os_ver[1];
if (! preg(pattern:"^8([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, 'Rocky Linux 8.x', 'Rocky Linux ' + os_ver);

if (!get_kb_item('Host/RockyLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Rocky Linux', cpu);

var pkgs = [
    {'reference':'pcs-0.10.10-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'pcs-0.10.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'pcs-snmp-0.10.10-4.el8', 'cpu':'aarch64', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
    {'reference':'pcs-snmp-0.10.10-4.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
];

var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var el_string = NULL;
  var rpm_spec_vers_cmp = NULL;
  var epoch = NULL;
  var allowmaj = NULL;
  var exists_check = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = 'Rocky-' + package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
  if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (reference && _release && (!exists_check || rpm_exists(release:_release, rpm:exists_check))) {
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'pcs / pcs-snmp');
}
VendorProductVersionCPE
rockylinuxpcsp-cpe:/a:rocky:linux:pcs
rockylinuxpcs-snmpp-cpe:/a:rocky:linux:pcs-snmp
rockylinux8cpe:/o:rocky:linux:8

References

Related

nessus 37
osv 16
redhat 9
rocky 2
oraclelinux 5
almalinux 2
ibm 39
altlinux 1
cve 3
openvas 22
nodejs 1
ubuntucve 3
githubexploit 6
veracode 3
debiancve 3
prion 3
redhatcve 3
github 3
debian 5
atlassian 8
hackerone 1
joomla 1
drupal 1
typo3 1
f5 2
symantec 1
alpinelinux 2
checkpoint_advisories 2
fedora 2
amazon 2
zdt 1
packetstorm 1
ics 1
exploitdb 1
attackerkb 2
freebsd 1
cnvd 1
archlinux 1
suse 1
nessus
nessus
RHEL 8 : pcs (RHSA-2021:4142)
2021-11-11 00:00:00
AlmaLinux 8 : pcs (ALSA-2021:4142)
2022-02-09 00:00:00
Oracle Linux 8 : pcs (ELSA-2021-9552)
2021-11-19 00:00:00
osv
osv
Low: pcs security, bug fix, and enhancement update
2021-11-09 08:21:49
Low: pcs security, bug fix, and enhancement update
2021-11-09 08:21:49
CVE-2020-7656
2020-05-19 21:15:10
redhat
redhat
(RHSA-2021:4142) Low: pcs security, bug fix, and enhancement update
2021-11-09 08:21:49
(RHSA-2020:4211) Moderate: Red Hat AMQ Interconnect 1.9.0 release and security update
2020-10-08 06:44:00
(RHSA-2022:7343) Important: pcs security update
2022-11-02 16:05:00
rocky
rocky
pcs security, bug fix, and enhancement update
2021-11-09 08:21:49
idm:DL1 and idm:client security, bug fix, and enhancement update
2021-05-18 06:14:07
oraclelinux
oraclelinux
pcs security update
2021-11-19 00:00:00
ipa security and bug fix update
2021-03-19 00:00:00
bootstrap security update
2021-08-09 00:00:00
almalinux
almalinux
Low: pcs security, bug fix, and enhancement update
2021-11-09 08:21:49
Moderate: idm:DL1 and idm:client security, bug fix, and enhancement update
2021-05-18 06:14:07
ibm
ibm
Security Bulletin: Multiple cross-site scripting vulnerabilities in JQuery affect IBM InfoSphere Information Server
2022-07-19 03:29:58
Security Bulletin: Cross Site Scripting vulnerabilities in jQuery might affect IBM Business Automation Workflow and IBM Business Process Manager (BPM) - CVE-2020-7656, CVE-2020-11022, CVE-2020-11023
2022-05-04 11:20:04
Security Bulletin: Multiple vulnerabilities in IBM WebSphere eXtreme Scale Liberty Deployment.
2023-03-21 18:07:40
altlinux
altlinux
Security fix for the ALT Linux 9 package phpipam version 1.42.027-alt1
2020-10-21 00:00:00
cve
cve
CVE-2020-7656
2020-05-19 21:15:00
CVE-2020-11023
2020-04-29 21:15:00
CVE-2019-11358
2019-04-20 00:29:00
openvas
openvas
jQuery < 1.9.0 XSS Vulnerability
2020-05-26 00:00:00
Django jQuery Vulnerability - Linux
2019-06-26 00:00:00
Discourse < 2.3.0.beta9 Multiple Vulnerabilities
2019-06-17 00:00:00
nodejs
nodejs
Cross-Site Scripting
2020-05-20 19:52:20
ubuntucve
ubuntucve
CVE-2020-7656
2020-05-19 00:00:00
CVE-2019-11358
2019-04-20 00:00:00
CVE-2020-11023
2020-04-29 00:00:00
githubexploit
githubexploit
Exploit for Cross-site Scripting in Jquery
2020-12-01 09:45:48
Exploit for Cross-site Scripting in Jquery
2020-04-14 19:12:01
Exploit for Prototype Pollution in Jquery
2021-03-08 11:34:11
veracode
veracode
Cross-Site Scripting (XSS)
2020-05-20 01:53:56
Prototype Pollution
2019-04-22 03:41:01
Cross-Site Scripting (XSS)
2020-04-30 02:21:22
debiancve
debiancve
CVE-2020-7656
2020-05-19 21:15:00
CVE-2019-11358
2019-04-20 00:29:00
CVE-2020-11023
2020-04-29 21:15:00
prion
prion
Cross site scripting
2020-05-19 21:15:00
Design/Logic Flaw
2019-04-20 00:29:00
Code injection
2020-04-29 21:15:00
redhatcve
redhatcve
CVE-2020-7656
2020-06-23 15:25:20
CVE-2019-11358
2021-07-18 00:15:31
CVE-2020-11023
2021-06-20 07:11:02
github
github
Cross-Site Scripting in jquery
2020-05-20 16:18:01
XSS in jQuery as used in Drupal, Backdrop CMS, and other products
2019-04-26 16:29:11
Potential XSS vulnerability in jQuery
2020-04-29 22:19:14
debian
debian
[SECURITY] [DSA 4434-1] drupal7 security update
2019-04-20 12:03:09
[SECURITY] [DLA 1777-1] jquery security update
2019-05-06 07:42:05
[SECURITY] [DLA 2118-1] otrs2 security update
2020-02-24 17:03:32
atlassian
atlassian
Address CVE-2019-11358 in the bundled version of jQuery
2019-07-08 22:57:45
jQuery 2.2.4 is vulnerable to prototype pollution
2019-05-13 01:57:29
Update jQuery to address CVE-2019-11358
2019-08-01 05:11:29
hackerone
hackerone
Node.js third-party modules: Prototype pollution attack through jQuery $.extend
2018-12-03 15:53:20
joomla
joomla
[20190403] - Core - Object.prototype pollution in JQuery $.extend
2019-03-25 00:00:00
drupal
drupal
Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2019-006
2019-04-17 00:00:00
typo3
typo3
Cross-Site Scripting in jQuery before 3.4.0
2019-05-07 00:00:00
f5
f5
K20455158 : jQuery vulnerability CVE-2019-11358
2020-04-14 00:00:00
K66544153 : jQuery vulnerability CVE-2020-11023
2020-08-03 00:00:00
symantec
symantec
JQuery CVE-2019-11358 Cross Site Scripting Vulnerability
2019-04-17 00:00:00
alpinelinux
alpinelinux
CVE-2019-11358
2019-04-20 00:29:00
CVE-2020-11023
2020-04-29 21:15:00
checkpoint_advisories
checkpoint_advisories
jQuery Prototype Pollution Object Cross-Site Scripting (CVE-2019-11358)
2019-04-29 00:00:00
jQuery Cross Site Scripting (CVE-2020-11022; CVE-2020-11023)
2020-11-16 00:00:00
fedora
fedora
[SECURITY] Fedora 30 Update: drupal7-7.66-1.fc30
2019-05-09 01:34:20
[SECURITY] Fedora 29 Update: drupal7-7.66-1.fc29
2019-05-09 03:18:10
amazon
amazon
Medium: pcs
2023-01-18 00:16:00
Medium: ipa
2021-04-20 17:55:00
zdt
zdt
jQuery 1.0.3 - Cross-Site Scripting Vulnerability
2021-04-14 00:00:00
packetstorm
packetstorm
jQuery 1.0.3 Cross Site Scripting
2021-04-14 00:00:00
ics
ics
Sensormatic Electronics VideoEdge
2021-11-02 12:00:00
exploitdb
exploitdb
jQuery 1.0.3 - Cross-Site Scripting (XSS)
2021-04-14 00:00:00
attackerkb
attackerkb
CVE-2019-11358
2019-04-20 00:00:00
CVE-2020-11022
2020-04-29 00:00:00
freebsd
freebsd
Django -- AdminURLFieldWidget XSS
2019-06-03 00:00:00
cnvd
cnvd
Silverstripe framework cross-site scripting vulnerability
2022-11-23 00:00:00
archlinux
archlinux
[ASA-201906-2] python-django: cross-site scripting
2019-06-04 00:00:00
suse
suse
Security update for otrs (moderate)
2020-11-10 00:00:00

6.8 Medium

AI Score

Confidence

High

JSON
Related for ROCKY_LINUX_RLSA-2021-4142.NASL
nessus37osv16redhat9rocky2oraclelinux5almalinux2ibm39altlinux1cve3openvas22nodejs1ubuntucve3githubexploit6veracode3debiancve3prion3redhatcve3github3debian5atlassian8hackerone1joomla1drupal1typo31f52symantec1alpinelinux2checkpoint_advisories2fedora2amazon2zdt1packetstorm1ics1exploitdb1attackerkb2freebsd1cnvd1archlinux1suse1