Eclipse Jetty is prone to a vulnerability in
OpenIdAuthenticator.
# SPDX-FileCopyrightText: 2023 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:eclipse:jetty";
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.151005");
script_version("2023-10-13T05:06:10+0000");
script_tag(name:"last_modification", value:"2023-10-13 05:06:10 +0000 (Fri, 13 Oct 2023)");
script_tag(name:"creation_date", value:"2023-09-19 04:57:16 +0000 (Tue, 19 Sep 2023)");
script_tag(name:"cvss_base", value:"4.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:N/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2023-09-20 15:20:00 +0000 (Wed, 20 Sep 2023)");
script_cve_id("CVE-2023-41900");
script_tag(name:"qod_type", value:"remote_banner_unreliable");
script_tag(name:"solution_type", value:"VendorFix");
script_name("Eclipse Jetty OpenID Vulnerability (GHSA-pwh8-58vv-vw48) - Linux");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2023 Greenbone AG");
script_family("Web Servers");
script_dependencies("gb_jetty_detect.nasl", "os_detection.nasl");
script_mandatory_keys("jetty/detected", "Host/runs_unixoide");
script_tag(name:"summary", value:"Eclipse Jetty is prone to a vulnerability in
OpenIdAuthenticator.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"If a Jetty OpenIdAuthenticator uses the optional nested
LoginService, and that LoginService decides to revoke an already authenticated user, then the
current request will still treat the user as authenticated. The authentication is then cleared
from the session and subsequent requests will not be treated as authenticated.
So a request on a previously authenticated session could be allowed to bypass authentication
after it had been rejected by the LoginService.");
script_tag(name:"affected", value:"Eclipse Jetty version 9.4.21 through 9.4.51, 10.0.0 through
10.0.15 and 11.0.0 through 11.0.15.");
script_tag(name:"solution", value:"Update to version 9.4.52, 10.0.16, 11.0.16 or later.");
script_xref(name:"URL", value:"https://github.com/eclipse/jetty.project/security/advisories/GHSA-pwh8-58vv-vw48");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if (!port = get_app_port(cpe: CPE))
exit(0);
if (!infos = get_app_version_and_location(cpe: CPE, port: port, exit_no_version: TRUE))
exit(0);
version = infos["version"];
location = infos["location"];
if (version_in_range_exclusive(version: version, test_version_lo: "9.4.21", test_version_up: "9.4.52")) {
report = report_fixed_ver(installed_version: version, fixed_version: "9.4.52", install_path: location);
security_message(port: port, data: report);
exit(0);
}
if (version_in_range_exclusive(version: version, test_version_lo: "10.0.0", test_version_up: "10.0.16")) {
report = report_fixed_ver(installed_version: version, fixed_version: "10.0.16", install_path: location);
security_message(port: port, data: report);
exit(0);
}
if (version_in_range_exclusive(version: version, test_version_lo: "11.0.0", test_version_up: "11.0.16")) {
report = report_fixed_ver(installed_version: version, fixed_version: "11.0.16", install_path: location);
security_message(port: port, data: report);
exit(0);
}
exit(99);