nessus | SUSE_SU-2024-1530-2.NASL
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
History: Jun 25, 2024 - 12:00 a.m.

SUSE SLES15 / openSUSE 15 Security Update : grafana and mybatis (SUSE-SU-2024:1530-2)

Tags: suse linux, sles15, opensuse 15, security update, grafana, mybatis, cve-2024-1313, cve-2023-6152, vulnerabilities, apache commons ognl, log4j

CVSS3: 6.5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: NONE
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

AI Score: 6.3 Medium (Confidence: High)

EPSS: 0.0004 Low (Percentile: 9.1%)

The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1530-2 advisory.

grafana was updated to version 9.5.18:

- Grafana now requires Go 1.20
- Security issues fixed:

  * CVE-2024-1313: Require same organisation when deleting snapshots (bsc#1222155)
  * CVE-2023-6152: Add email verification when updating user email (bsc#1219912)

- Other non-security related changes:

  * Version 9.5.17:

    + [FEATURE] Alerting: Backport use Alertmanager API v2

  * Version 9.5.16:

    + [BUGFIX] Annotations: Split cleanup into separate queries and deletes to avoid deadlocks on MySQL

  * Version 9.5.15:

    + [FEATURE] Alerting: Attempt to retry retryable errors

  * Version 9.5.14:

    + [BUGFIX] Alerting: Fix state manager to not keep datasource_uid and ref_id labels in state after Error
    + [BUGFIX] Transformations: Config overrides being lost when config from query transform is applied
    + [BUGFIX] LDAP: Fix enable users on successful login

  * Version 9.5.13:

    + [BUGFIX] BrowseDashboards: Only remember the most recent expanded folder
    + [BUGFIX] Licensing: Pass func to update env variables when starting plugin

  * Version 9.5.12:

    + [FEATURE] Azure: Add support for Workload Identity authentication

  * Version 9.5.9:

    + [FEATURE] SSE: Fix DSNode to not panic when response has empty response
    + [FEATURE] Prometheus: Handle the response with different field key order
    + [BUGFIX] LDAP: Fix user disabling


mybatis:

- `apache-commons-ognl` is now a non-optional dependency
- Fixed building with log4j v1 and v2 dependencies

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# SUSE update advisory SUSE-SU-2024:1530-2. The text itself
# is copyright (C) SUSE.
##

include('compat.inc');

if (description)
{
  script_id(200928);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/25");

  script_cve_id("CVE-2023-6152", "CVE-2024-1313");
  script_xref(name:"IAVB", value:"2024-B-0012-S");
  script_xref(name:"IAVB", value:"2024-B-0035");
  script_xref(name:"SuSE", value:"SUSE-SU-2024:1530-2");

  script_name(english:"SUSE SLES15 / openSUSE 15 Security Update : grafana and mybatis (SUSE-SU-2024:1530-2)");

  script_set_attribute(attribute:"synopsis", value:
"The remote SUSE host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote SUSE Linux SLES15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as
referenced in the SUSE-SU-2024:1530-2 advisory.

    grafana was updated to version 9.5.18:

    - Grafana now requires Go 1.20
    - Security issues fixed:

      * CVE-2024-1313: Require same organisation when deleting snapshots (bsc#1222155)
      * CVE-2023-6152: Add email verification when updating user email (bsc#1219912)

    - Other non-security related changes:

      * Version 9.5.17:

        + [FEATURE] Alerting: Backport use Alertmanager API v2

      * Version 9.5.16:

        + [BUGFIX] Annotations: Split cleanup into separate queries and
          deletes to avoid deadlocks on MySQL

      * Version 9.5.15:

        + [FEATURE] Alerting: Attempt to retry retryable errors

      * Version 9.5.14:

        + [BUGFIX] Alerting: Fix state manager to not keep
          datasource_uid and ref_id labels in state after Error
        + [BUGFIX] Transformations: Config overrides being lost when
          config from query transform is applied
        + [BUGFIX] LDAP: Fix enable users on successfull login

      * Version 9.5.13:

        + [BUGFIX] BrowseDashboards: Only remember the most recent
          expanded folder
        + [BUGFIX] Licensing: Pass func to update env variables when
          starting plugin

      * Version 9.5.12:

        + [FEATURE] Azure: Add support for Workload Identity
          authentication

      * Version 9.5.9:

        + [FEATURE] SSE: Fix DSNode to not panic when response has empty
          response
        + [FEATURE] Prometheus: Handle the response with different field
          key order
        + [BUGFIX] LDAP: Fix user disabling


    mybatis:

    - `apache-commons-ognl` is now a non-optional dependency
    - Fixed building with log4j v1 and v2 dependencies

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1219912");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.suse.com/1222155");
  script_set_attribute(attribute:"see_also", value:"https://lists.suse.com/pipermail/sle-updates/2024-June/035719.html");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2023-6152");
  script_set_attribute(attribute:"see_also", value:"https://www.suse.com/security/cve/CVE-2024-1313");
  script_set_attribute(attribute:"solution", value:
"Update the affected grafana, mybatis and / or mybatis-javadoc packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:C/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-1313");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/02/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/06/24");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/06/25");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:grafana");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:15");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"SuSE Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");

  exit(0);
}


include('rpm.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item("Host/SuSE/release");
if (isnull(os_release) || os_release !~ "^(SLED|SLES|SUSE)") audit(AUDIT_OS_NOT, "SUSE / openSUSE");
var os_ver = pregmatch(pattern: "^(SLE(S|D)\d+|SUSE([\d.]+))", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'SUSE / openSUSE');
os_ver = os_ver[1];
if (! preg(pattern:"^(SLES15|SUSE15\.6)$", string:os_ver)) audit(AUDIT_OS_NOT, 'SUSE SLES15 / openSUSE 15', 'SUSE / openSUSE (' + os_ver + ')');

if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'SUSE / openSUSE (' + os_ver + ')', cpu);

var service_pack = get_kb_item("Host/SuSE/patchlevel");
if (isnull(service_pack)) service_pack = "0";
if (os_ver == "SLES15" && (! preg(pattern:"^(6)$", string:service_pack))) audit(AUDIT_OS_NOT, "SLES15 SP6", os_ver + " SP" + service_pack);

var pkgs = [
    {'reference':'grafana-9.5.18-150200.3.56.1', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'mybatis-3.5.6-150200.5.6.1', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'mybatis-javadoc-3.5.6-150200.5.6.1', 'release':'SUSE15.6', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['openSUSE-release-15.6']},
    {'reference':'grafana-9.5.18-150200.3.56.1', 'sp':'6', 'release':'SLES15', 'rpm_spec_vers_cmp':TRUE, 'exists_check':['sle-module-packagehub-subpackages-release-15.6']}
];

var ltss_caveat_required = FALSE;
var flag = 0;
foreach var package_array ( pkgs ) {
  var reference = NULL;
  var _release = NULL;
  var sp = NULL;
  var _cpu = NULL;
  var exists_check = NULL;
  var rpm_spec_vers_cmp = NULL;
  if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
  if (!empty_or_null(package_array['release'])) _release = package_array['release'];
  if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
  if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
  if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
  if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
  if (reference && _release) {
    if (exists_check) {
      var check_flag = 0;
      foreach var check (exists_check) {
        if (!rpm_exists(release:_release, rpm:check)) continue;
        check_flag++;
      }
      if (!check_flag) continue;
    }
    if (rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, rpm_spec_vers_cmp:rpm_spec_vers_cmp)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_WARNING,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'grafana / mybatis / mybatis-javadoc');
}

Vendor | Product | Version | CPE
novell | suse_linux | grafana | p-cpe:/a:novell:suse_linux:grafana
novell | suse_linux | 15 | cpe:/o:novell:suse_linux:15
