Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
openvasCopyright (C) 2024 Greenbone AGOPENVAS:1361412562310833762
HistoryMar 04, 2024 - 12:00 a.m.

openSUSE: Security Advisory for salt (SUSE-SU-2023:3863-1)

2024-03-0400:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
2
suse-su-2023-3863-1
salt-standalone-formulas-configuration
salt-doc
salt-proxy
cve-2023-20897
cve-2023-20898
dos
git providers
bsc#1214796
bsc#1213441
bsc#1214797
bsc#1193948
opensuse leap 15.4

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

The remote host is missing an update for the

# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

if(description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.833762");
  script_version("2024-05-16T05:05:35+0000");
  script_cve_id("CVE-2023-20897", "CVE-2023-20898");
  script_tag(name:"cvss_base", value:"6.0");
  script_tag(name:"cvss_base_vector", value:"AV:L/AC:H/Au:S/C:C/I:C/A:C");
  script_tag(name:"last_modification", value:"2024-05-16 05:05:35 +0000 (Thu, 16 May 2024)");
  script_tag(name:"severity_vector", value:"CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2023-09-08 19:18:12 +0000 (Fri, 08 Sep 2023)");
  script_tag(name:"creation_date", value:"2024-03-04 07:48:53 +0000 (Mon, 04 Mar 2024)");
  script_name("openSUSE: Security Advisory for salt (SUSE-SU-2023:3863-1)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2024 Greenbone AG");
  script_family("SuSE Local Security Checks");
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/suse", "ssh/login/rpms", re:"ssh/login/release=openSUSELeap15\.4");

  script_xref(name:"Advisory-ID", value:"SUSE-SU-2023:3863-1");
  script_xref(name:"URL", value:"https://lists.opensuse.org/archives/list/[email protected]/thread/FDJMUP4SBCGKWVB7T6TUPGP3MEYB2TNC");

  script_tag(name:"summary", value:"The remote host is missing an update for the 'salt'
  package(s) announced via the SUSE-SU-2023:3863-1 advisory.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");

  script_tag(name:"insight", value:"This update for salt fixes the following issues:

  Security issues fixed:

  * CVE-2023-20897: Fixed DOS in minion return. (bsc#1214796, bsc#1213441)

  * CVE-2023-20898: Fixed Git Providers can read from the wrong environment
      because they get the same cache directory base name. (bsc#1214797,
      bsc#1193948)

  Bugs fixed:

  * Create minion_id with reproducible mtime

  * Fix broken tests to make them running in the testsuite

  * Fix detection of Salt codename by 'salt_version' execution module

  * Fix inconsistency in reported version by egg-info metadata (bsc#1215489)

  * Fix regression: multiple values for keyword argument 'saltenv' (bsc#1212844)

  * Fix the regression of user.present state when group is unset (bsc#1212855)

  * Fix utf8 handling in 'pass' renderer and make it more robust

  * Fix zypper repositories always being reconfigured

  * Make sure configured user is properly set by Salt (bsc#1210994)

  * Prevent possible exceptions on salt.utils.user.get_group_dict (bsc#1212794)

  * Revert usage of long running REQ channel to prevent possible missing
      responses on requests and duplicated responses (bsc#1213960, bsc#1213630,
      bsc#1213257)

  ## Special Instructions and Notes:

  ##");

  script_tag(name:"affected", value:"'salt' package(s) on openSUSE Leap 15.4.");

  script_tag(name:"solution", value:"Please install the updated package(s).");

  script_tag(name:"solution_type", value:"VendorFix");
  script_tag(name:"qod_type", value:"package");

  exit(0);
}

include("revisions-lib.inc");
include("pkg-lib-rpm.inc");

release = rpm_get_ssh_release();
if(!release)
  exit(0);

res = "";
report = "";

if(release == "openSUSELeap15.4") {

  if(!isnull(res = isrpmvuln(pkg:"salt-standalone-formulas-configuration", rpm:"salt-standalone-formulas-configuration~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-doc", rpm:"salt-doc~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-proxy", rpm:"salt-proxy~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-syndic", rpm:"salt-syndic~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-tests", rpm:"salt-tests~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt", rpm:"salt~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-ssh", rpm:"salt-ssh~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-transactional-update", rpm:"salt-transactional-update~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-master", rpm:"salt-master~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-cloud", rpm:"salt-cloud~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-minion", rpm:"salt-minion~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"python3-salt", rpm:"python3-salt~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-api", rpm:"salt-api~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-fish-completion", rpm:"salt-fish-completion~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-zsh-completion", rpm:"salt-zsh-completion~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-bash-completion", rpm:"salt-bash-completion~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-standalone-formulas-configuration", rpm:"salt-standalone-formulas-configuration~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-doc", rpm:"salt-doc~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-proxy", rpm:"salt-proxy~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-syndic", rpm:"salt-syndic~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-tests", rpm:"salt-tests~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt", rpm:"salt~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-ssh", rpm:"salt-ssh~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-transactional-update", rpm:"salt-transactional-update~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-master", rpm:"salt-master~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-cloud", rpm:"salt-cloud~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-minion", rpm:"salt-minion~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"python3-salt", rpm:"python3-salt~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-api", rpm:"salt-api~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-fish-completion", rpm:"salt-fish-completion~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-zsh-completion", rpm:"salt-zsh-completion~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(!isnull(res = isrpmvuln(pkg:"salt-bash-completion", rpm:"salt-bash-completion~3006.0~150400.8.44.1", rls:"openSUSELeap15.4"))) {
    report += res;
  }

  if(report != "") {
    security_message(data:report);
  } else if(__pkg_match) {
    exit(99);
  }
  exit(0);
}

exit(0);

Related

openvas 6
nessus 7
fedora 1
redos 1
ubuntucve 2
cve 2
alpinelinux 2
osv 6
cvelist 2
veracode 2
nvd 2
github 2
debiancve 2
prion 2
openvas
openvas
SUSE: Security Advisory (SUSE-SU-2023:3865-1)
2023-09-29 00:00:00
Fedora: Security Advisory for salt (FEDORA-2023-ac1aa963e4)
2023-09-14 00:00:00
SUSE: Security Advisory (SUSE-SU-2023:3866-1)
2023-09-29 00:00:00
nessus
nessus
SUSE SLES15 Security Update : salt (SUSE-SU-2023:3865-1)
2023-09-29 00:00:00
Fedora 37 : salt (2023-ac1aa963e4)
2023-09-14 00:00:00
SaltStack 3000 < 3002.8 / 3003 < 3003.4 / 3004 < 3004.1 Multiple Vulnerabilities
2023-10-06 00:00:00
fedora
fedora
[SECURITY] Fedora 37 Update: salt-3005.2-1.fc37
2023-09-14 00:44:08
redos
redos
ROS-20240409-06
2024-04-09 00:00:00
ubuntucve
ubuntucve
CVE-2023-20897
2023-09-05 00:00:00
CVE-2023-20898
2023-09-05 00:00:00
cve
cve
CVE-2023-20897
2023-09-05 11:15:32
CVE-2023-20898
2023-09-05 11:15:33
alpinelinux
alpinelinux
CVE-2023-20897
2023-09-05 11:15:32
CVE-2023-20898
2023-09-05 11:15:33
osv
osv
PYSEC-2023-166
2023-09-05 11:15:00
Salt can cause Git Providers to get wrong data
2023-09-05 12:30:16
Salt vulnerable to denial of service
2023-09-05 12:30:16
cvelist
cvelist
CVE-2023-20898
2023-09-05 10:59:10
CVE-2023-20897
2023-09-05 10:56:33
veracode
veracode
Information Disclosure
2023-09-08 12:24:39
Denial Of Service
2023-09-11 06:01:31
nvd
nvd
CVE-2023-20897
2023-09-05 11:15:32
CVE-2023-20898
2023-09-05 11:15:33
github
github
Salt vulnerable to denial of service
2023-09-05 12:30:16
Salt can cause Git Providers to get wrong data
2023-09-05 12:30:16
debiancve
debiancve
CVE-2023-20897
2023-09-05 11:15:32
CVE-2023-20898
2023-09-05 11:15:33
prion
prion
Design/Logic Flaw
2023-09-05 11:15:00
Design/Logic Flaw
2023-09-05 11:15:00

7.8 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

6.3 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON
Related for OPENVAS:1361412562310833762
openvas6nessus7fedora1redos1ubuntucve2cve2alpinelinux2osv6cvelist2veracode2nvd2github2debiancve2prion2