7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8 High
AI Score
Confidence
Low
7.8 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.025 Low
EPSS
Percentile
90.2%
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:5555 advisory.
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
Security Fix(es):
* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)
* apache-commons-compress: infinite loop when reading a specially crafted 7Z archive (CVE-2021-35515)
* apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive (CVE-2021-35516)
* apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive (CVE-2021-35517)
* apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive (CVE-2021-36090)
* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)
* spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)
* semantic-release: Masked secrets can be disclosed if they contain characters that are excluded from uri encoding (CVE-2022-31051)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2022:5555. The text
# itself is copyright (C) Red Hat, Inc.
##
include('compat.inc');
if (description)
{
script_id(163260);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/06/03");
script_cve_id(
"CVE-2021-22096",
"CVE-2021-3807",
"CVE-2021-33623",
"CVE-2021-35515",
"CVE-2021-35516",
"CVE-2021-35517",
"CVE-2021-36090",
"CVE-2022-22950",
"CVE-2022-31051"
);
script_xref(name:"RHSA", value:"2022:5555");
script_name(english:"RHEL 8 : RHV Manager (ovirt-engine) [ovirt-4.5.1] (RHSA-2022:5555)");
script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates.");
script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2022:5555 advisory.
The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform
that allows system administrators to view and manage virtual machines. The Manager provides a
comprehensive range of features including search capabilities, resource management, live migrations, and
virtual infrastructure provisioning.
Security Fix(es):
* nodejs-trim-newlines: ReDoS in .end() method (CVE-2021-33623)
* apache-commons-compress: infinite loop when reading a specially crafted 7Z archive (CVE-2021-35515)
* apache-commons-compress: excessive memory allocation when reading a specially crafted 7Z archive
(CVE-2021-35516)
* apache-commons-compress: excessive memory allocation when reading a specially crafted TAR archive
(CVE-2021-35517)
* apache-commons-compress: excessive memory allocation when reading a specially crafted ZIP archive
(CVE-2021-36090)
* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes
(CVE-2021-3807)
* spring-expression: Denial of service via specially crafted SpEL expression (CVE-2022-22950)
* semantic-release: Masked secrets can be disclosed if they contain characters that are excluded from uri
encoding (CVE-2022-31051)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and
other related information, refer to the CVE page(s) listed in the References section.
A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
# https://access.redhat.com/security/data/csaf/v2/advisories/2022/rhsa-2022_5555.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?aa69cb19");
# https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b4e9fb3f");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2022:5555");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1663217");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1782077");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1849045");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1852308");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1958032");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1966615");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1976607");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1981895");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1981900");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1981903");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1981909");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1994144");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2001574");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2001923");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2006625");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2007557");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2030293");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2068270");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2069414");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2070045");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2072626");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2081241");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2081559");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2089856");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2092885");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2093795");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2097414");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2099650");
script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2105296");
script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#moderate");
script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-31051");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_cwe_id(212, 400, 770, 835);
script_set_attribute(attribute:"vendor_severity", value:"Moderate");
script_set_attribute(attribute:"vuln_publication_date", value:"2021/05/28");
script_set_attribute(attribute:"patch_publication_date", value:"2022/07/14");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/07/15");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-compress");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apache-commons-compress-javadoc");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-dependencies");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:ovirt-web-ui");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Red Hat Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
exit(0);
}
include('rpm.inc');
include('rhel.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_release = get_kb_item('Host/RedHat/release');
if (isnull(os_release) || 'Red Hat' >!< os_release) audit(AUDIT_OS_NOT, 'Red Hat');
var os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:os_release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
os_ver = os_ver[1];
if (!rhel_check_release(operator: 'ge', os_version: os_ver, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_ver);
if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);
var constraints = [
{
'repo_relative_urls': [
'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/debug',
'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/os',
'content/dist/layered/rhel8/x86_64/rhv-manager/4.4/source/SRPMS'
],
'pkgs': [
{'reference':'apache-commons-compress-1.21-1.2.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-35515', 'CVE-2021-35516', 'CVE-2021-35517', 'CVE-2021-36090']},
{'reference':'apache-commons-compress-javadoc-1.21-1.2.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-35515', 'CVE-2021-35516', 'CVE-2021-35517', 'CVE-2021-36090']},
{'reference':'ovirt-dependencies-4.5.2-1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-22096', 'CVE-2022-22950']},
{'reference':'ovirt-web-ui-1.9.0-1.el8ev', 'release':'8', 'el_string':'el8ev', 'rpm_spec_vers_cmp':TRUE, 'exists_check':'ovirt-', 'cves':['CVE-2021-3807', 'CVE-2021-33623', 'CVE-2022-31051']}
]
}
];
var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);
var flag = 0;
foreach var constraint_array ( constraints ) {
var repo_relative_urls = NULL;
if (!empty_or_null(constraint_array['repo_relative_urls'])) repo_relative_urls = constraint_array['repo_relative_urls'];
foreach var pkg ( constraint_array['pkgs'] ) {
var reference = NULL;
var _release = NULL;
var sp = NULL;
var _cpu = NULL;
var el_string = NULL;
var rpm_spec_vers_cmp = NULL;
var epoch = NULL;
var allowmaj = NULL;
var exists_check = NULL;
var cves = NULL;
if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
if (!empty_or_null(pkg['release'])) _release = 'RHEL' + pkg['release'];
if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
if (reference &&
_release &&
rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
(applicable_repo_urls || (!exists_check || rpm_exists(release:_release, rpm:exists_check))) &&
rpm_check(release:_release, sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
}
}
if (flag)
{
var extra = NULL;
if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
else extra = rpm_report_get();
security_report_v4(
port : 0,
severity : SECURITY_WARNING,
extra : extra
);
exit(0);
}
else
{
var tested = pkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apache-commons-compress / apache-commons-compress-javadoc / etc');
}
Vendor | Product | Version | CPE |
---|---|---|---|
redhat | enterprise_linux | ovirt-dependencies | p-cpe:/a:redhat:enterprise_linux:ovirt-dependencies |
redhat | enterprise_linux | apache-commons-compress-javadoc | p-cpe:/a:redhat:enterprise_linux:apache-commons-compress-javadoc |
redhat | enterprise_linux | apache-commons-compress | p-cpe:/a:redhat:enterprise_linux:apache-commons-compress |
redhat | enterprise_linux | ovirt-web-ui | p-cpe:/a:redhat:enterprise_linux:ovirt-web-ui |
redhat | enterprise_linux | 8 | cpe:/o:redhat:enterprise_linux:8 |
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-22096
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-33623
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35515
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35516
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-35517
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-36090
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3807
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22950
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31051
www.nessus.org/u?aa69cb19
www.nessus.org/u?b4e9fb3f
access.redhat.com/errata/RHSA-2022:5555
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=1663217
bugzilla.redhat.com/show_bug.cgi?id=1782077
bugzilla.redhat.com/show_bug.cgi?id=1849045
bugzilla.redhat.com/show_bug.cgi?id=1852308
bugzilla.redhat.com/show_bug.cgi?id=1958032
bugzilla.redhat.com/show_bug.cgi?id=1966615
bugzilla.redhat.com/show_bug.cgi?id=1976607
bugzilla.redhat.com/show_bug.cgi?id=1981895
bugzilla.redhat.com/show_bug.cgi?id=1981900
bugzilla.redhat.com/show_bug.cgi?id=1981903
bugzilla.redhat.com/show_bug.cgi?id=1981909
bugzilla.redhat.com/show_bug.cgi?id=1994144
bugzilla.redhat.com/show_bug.cgi?id=2001574
bugzilla.redhat.com/show_bug.cgi?id=2001923
bugzilla.redhat.com/show_bug.cgi?id=2006625
bugzilla.redhat.com/show_bug.cgi?id=2007557
bugzilla.redhat.com/show_bug.cgi?id=2030293
bugzilla.redhat.com/show_bug.cgi?id=2068270
bugzilla.redhat.com/show_bug.cgi?id=2069414
bugzilla.redhat.com/show_bug.cgi?id=2070045
bugzilla.redhat.com/show_bug.cgi?id=2072626
bugzilla.redhat.com/show_bug.cgi?id=2081241
bugzilla.redhat.com/show_bug.cgi?id=2081559
bugzilla.redhat.com/show_bug.cgi?id=2089856
bugzilla.redhat.com/show_bug.cgi?id=2092885
bugzilla.redhat.com/show_bug.cgi?id=2093795
bugzilla.redhat.com/show_bug.cgi?id=2097414
bugzilla.redhat.com/show_bug.cgi?id=2099650
bugzilla.redhat.com/show_bug.cgi?id=2105296
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
8 High
AI Score
Confidence
Low
7.8 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.025 Low
EPSS
Percentile
90.2%