Lucene search
Copyright (C) 2024 Greenbone AGOPENVAS:1361412562310886553HistoryMay 27, 2024 - 12:00 a.m.
Fedora: Security Advisory for kubernetes (FEDORA-2024-ce2eefc399)
2024-05-2700:00:00
Copyright (C) 2024 Greenbone AG
plugins.openvas.org
3
fedora
security
advisory
kubernetes
fedora-2024-ce2eefc399
cve-2024-3177
cve-2023-45288
greenbone ag
gpl-2.0-only
cvss
vulnerable
package
update
open source
container
scheduling
management
platform
2.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
5.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%
The remote host is missing an update for the
# SPDX-FileCopyrightText: 2024 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
if(description)
{
script_oid("1.3.6.1.4.1.25623.1.0.886553");
script_version("2024-06-07T05:05:42+0000");
script_cve_id("CVE-2024-3177", "CVE-2023-45288");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_tag(name:"last_modification", value:"2024-06-07 05:05:42 +0000 (Fri, 07 Jun 2024)");
script_tag(name:"creation_date", value:"2024-05-27 10:42:58 +0000 (Mon, 27 May 2024)");
script_name("Fedora: Security Advisory for kubernetes (FEDORA-2024-ce2eefc399)");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2024 Greenbone AG");
script_family("Fedora Local Security Checks");
script_dependencies("gather-package-list.nasl");
script_mandatory_keys("ssh/login/fedora", "ssh/login/rpms", re:"ssh/login/release=FC40");
script_xref(name:"Advisory-ID", value:"FEDORA-2024-ce2eefc399");
script_xref(name:"URL", value:"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT");
script_tag(name:"summary", value:"The remote host is missing an update for the 'kubernetes'
package(s) announced via the FEDORA-2024-ce2eefc399 advisory.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable package version is present on the target host.");
script_tag(name:"insight", value:"Open Source Production-Grade Container Scheduling And Management Platform
Installs kubelet, the kubernetes agent on each machine in a
cluster. The kubernetes-client sub-package,
containing kubectl, is recommended but not strictly required.
The kubernetes-client sub-package should be installed on
control plane machines.");
script_tag(name:"affected", value:"'kubernetes' package(s) on Fedora 40.");
script_tag(name:"solution", value:"Please install the updated package(s).");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"package");
exit(0);
}
include("revisions-lib.inc");
include("pkg-lib-rpm.inc");
release = rpm_get_ssh_release();
if(!release)
exit(0);
res = "";
report = "";
if(release == "FC40") {
if(!isnull(res = isrpmvuln(pkg:"kubernetes", rpm:"kubernetes~1.29.4~1.fc40", rls:"FC40"))) {
report += res;
}
if(report != "") {
security_message(data:report);
} else if(__pkg_match) {
exit(99);
}
exit(0);
}
exit(0);Related
fedora
fedora
[SECURITY] Fedora 40 Update: kubernetes-1.29.4-1.fc40
2024-04-25 01:01:14
[SECURITY] Fedora 39 Update: kubernetes-1.27.13-1.fc39
2024-04-25 01:20:56
nessus
nessus
Fedora 40 : kubernetes (2024-ce2eefc399)
2024-04-29 00:00:00
AlmaLinux 8 : go-toolset:rhel8 (ALSA-2024:1962)
2024-04-29 00:00:00
Oracle Linux 9 : golang (ELSA-2024-1963)
2024-04-24 00:00:00
freebsd
freebsd
forgejo -- HTTP/2 CONTINUATION flood in net/http
2024-04-04 00:00:00
go -- http2: close connections when receiving too many headers
2024-04-03 00:00:00
cbl_mariner
cbl_mariner
CVE-2023-45288 affecting package moby-engine for versions less than 24.0.9-3
2024-06-12 22:23:00
CVE-2023-45288 affecting package kubernetes for versions less than 1.28.4-8
2024-06-12 22:23:00
CVE-2023-45288 affecting package cri-tools for versions less than 1.29.0-2
2024-06-12 22:23:00
nvd
nvd
CVE-2023-45288
2024-04-04 21:15:16
CVE-2024-3177
2024-04-22 23:15:51
ubuntucve
ubuntucve
CVE-2023-45288
2024-03-27 00:00:00
CVE-2024-3177
2024-04-22 00:00:00
openvas
openvas
openSUSE: Security Advisory for go1.22 (SUSE-SU-2024:1121-1)
2024-04-09 00:00:00
Mageia: Security Advisory (MGASA-2024-0128)
2024-04-15 00:00:00
Fedora: Security Advisory for kubernetes (FEDORA-2024-662a8b6005)
2024-05-27 00:00:00
redhat
redhat
(RHSA-2024:2936) Important: go-toolset:rhel8 security update
2024-05-21 04:45:27
(RHSA-2024:1963) Important: golang security update
2024-04-23 00:09:01
mageia
mageia
Updated golang packages fix security vulnerability
2024-04-13 19:56:38
osv
osv
debiancve
debiancve
CVE-2024-3177
2024-04-22 23:15:51
CVE-2023-45288
2024-04-04 21:15:16
veracode
veracode
Improper Input Validation
2024-04-23 18:57:05
Denial Of Service (DOS)
2024-04-05 07:19:44
github
github
Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
2024-04-23 00:30:45
net/http, x/net/http2: close connections when receiving too many headers
2024-04-04 21:30:32
Traefik affected by HTTP/2 CONTINUATION flood in net/http
2024-04-15 18:14:51
almalinux
almalinux
Important: git-lfs security update
2024-05-06 00:00:00
Important: golang security update
2024-04-23 00:00:00
Important: git-lfs security update
2024-04-29 00:00:00
redhatcve
redhatcve
CVE-2023-45288
2024-04-03 20:53:54
CVE-2024-3177
2024-04-17 13:03:02
alpinelinux
alpinelinux
CVE-2023-45288
2024-04-04 21:15:16
oraclelinux
oraclelinux
golang security update
2024-04-23 00:00:00
git-lfs security update
2024-05-08 00:00:00
go-toolset:ol8 security update
2024-04-23 00:00:00
amazon
amazon
Medium: cni-plugins
2024-05-23 22:04:00
Medium: amazon-cloudwatch-agent
2024-05-23 22:04:00
Medium: golist
2024-05-23 22:04:00
rocky
rocky
go-toolset:rhel8 security update
2024-05-06 13:04:21
git-lfs security update
2024-05-09 18:50:42
git-lfs security update
2024-05-10 14:32:42
redos
redos
ROS-20240522-03
2024-05-22 00:00:00
ROS-20240422-05
2024-04-22 00:00:00
ibm
ibm
cgr
cgr
CVE-2024-3177 vulnerabilities
2024-05-19 03:07:16
CVE-2023-45288 vulnerabilities
2024-05-19 03:07:16
cve
cve
CVE-2024-3177
2024-04-22 23:15:51
CVE-2023-45288
2024-04-04 21:15:16
cvelist
cvelist
CVE-2024-3177 Bypassing mountable secrets policy imposed by the ServiceAccount admission plugin
2024-04-22 23:00:39
CVE-2023-45288 HTTP/2 CONTINUATION flood in net/http
2024-04-04 20:37:30
wolfi
wolfi
CVE-2024-3177 vulnerabilities
2024-06-29 03:08:33
CVE-2023-45288 vulnerabilities
2024-06-29 03:08:33
githubexploit
githubexploit
Exploit for CVE-2023-45288
2024-04-06 06:33:45
photon
photon
Low Photon OS Security Update - PHSA-2024-5.0-0255
2024-04-23 00:00:00
Low Photon OS Security Update - PHSA-2024-4.0-0598
2024-04-23 00:00:00
Important Photon OS Security Update - PHSA-2024-4.0-0589
2024-04-04 00:00:00
2.7 Low
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
5.5 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
15.7%
Related for OPENVAS:1361412562310886553