A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows an attacker to create and amend files across the filesystem. In the worse case scenario, remote code execution could be achieved. Applications are only affected if they are using the ChrootOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using "Plain" versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS or in-memory filesystems are not affected by this issue. This is a go-git implementation issue and does not affect the upstream git cli.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4118 advisory.

    Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable     version of the Ceph storage system with a Ceph management platform, deployment utilities, and support     services.

    Security Fix(es):
    * CVE-2023-39325 golang: net/http, x/net/http2: rapid stream resets can cause excessive work     (CVE-2023-44487)
    *  grafana-container: go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on     go-git clients (CVE-2023-49569)
    * opentelemetry: DoS vulnerability in otelhttp (CVE-2023-45142)

    These new packages include numerous security updates, enhancements, and bug fixes. Space precludes     documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release     Notes for information on the most significant of these changes:

    https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/index

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3925 advisory.

    Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable     version of the Ceph storage system with a Ceph management platform, deployment utilities, and support     services.

    These new packages include numerous enhancements, bug fixes, and known issues. Space precludes documenting     all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for     information on the most significant of these changes:

    https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/7.1/html/release_notes/index

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:2631 advisory.

    Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable     version of the Ceph storage system with a Ceph management platform, deployment utilities, and support     services.

    These new packages include numerous enhancements, and bug fixes. Space precludes documenting all of these     changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on     the most significant of these changes:

    https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the RHSA-2024:0880 advisory.

    Red Hat OpenShift Serverless Client kn 1.31.1 provides a CLI to interact with     Red Hat OpenShift Serverless 1.31.1. The kn CLI is delivered as an RPM package     for installation on RHEL platforms, and as binaries for non-Linux platforms.

    This release includes security, bug fixes, and enhancements.

    Security Fix(es):

    * go-git: Maliciously crafted Git server replies can cause DoS on go-git clients (CVE-2023-49568)
    * go-git: Maliciously crafted Git server replies can lead to path traversal and RCE on go-git clients     (CVE-2023-49569)
    * golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests     (CVE-2023-39326)
    * ssh: Prefix truncation attack on Binary Packet Protocol (BPP) (CVE-2023-48795)

    A Red Hat Security Bulletin, which addresses further details about the Rapid     Reset flaw is available in the References section.

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References     section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-526 advisory.

  - A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive     server resource consumption. While the total number of requests is bounded by the     http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create     a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound     the number of simultaneously executing handler goroutines to the stream concurrency limit     (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client     has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows     too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2     for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per     HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the     Server.MaxConcurrentStreams setting and the ConfigureServer function. (CVE-2023-39325)

  - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response     body to read many more bytes from the network than are in the body. A malicious HTTP client can further     exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a     handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which     permit including additional metadata in a request or response body sent using the chunked encoding. The     net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large     metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real     body to encoded bytes grows too small. (CVE-2023-39326)

  - A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This     vulnerability allows an attacker to perform denial of service attacks by providing specially crafted     responses from a Git server which triggers resource exhaustion in go-git clients. Applications using only     the in-memory filesystem supported by go-git are not affected by this vulnerability. This is a go-git     implementation issue and does not affect the upstream git cli. (CVE-2023-49568)

  - A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows     an attacker to create and amend files across the filesystem. In the worse case scenario, remote code     execution could be achieved. Applications are only affected if they are using the ChrootOS     https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using Plain     versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS     https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS or in-memory filesystems are not affected by     this issue. This is a go-git implementation issue and does not affect the upstream git cli.
    (CVE-2023-49569)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of amazon-ssm-agent installed on the remote host is prior to 3.2.2222.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS-2024-1920 advisory.

  - A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive     server resource consumption. While the total number of requests is bounded by the     http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create     a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound     the number of simultaneously executing handler goroutines to the stream concurrency limit     (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client     has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows     too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2     for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per     HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the     Server.MaxConcurrentStreams setting and the ConfigureServer function. (CVE-2023-39325)

  - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response     body to read many more bytes from the network than are in the body. A malicious HTTP client can further     exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a     handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which     permit including additional metadata in a request or response body sent using the chunked encoding. The     net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large     metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real     body to encoded bytes grows too small. (CVE-2023-39326)

  - A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This     vulnerability allows an attacker to perform denial of service attacks by providing specially crafted     responses from a Git server which triggers resource exhaustion in go-git clients. Applications using only     the in-memory filesystem supported by go-git are not affected by this vulnerability. This is a go-git     implementation issue and does not affect the upstream git cli. (CVE-2023-49568)

  - A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows     an attacker to create and amend files across the filesystem. In the worse case scenario, remote code     execution could be achieved. Applications are only affected if they are using the ChrootOS     https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using Plain     versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS     https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS or in-memory filesystems are not affected by     this issue. This is a go-git implementation issue and does not affect the upstream git cli.
    (CVE-2023-49569)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of amazon-ssm-agent installed on the remote host is prior to 3.2.2222.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2458 advisory.

  - A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive     server resource consumption. While the total number of requests is bounded by the     http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create     a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound     the number of simultaneously executing handler goroutines to the stream concurrency limit     (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client     has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows     too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2     for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per     HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the     Server.MaxConcurrentStreams setting and the ConfigureServer function. (CVE-2023-39325)

  - A malicious HTTP sender can use chunk extensions to cause a receiver reading from a request or response     body to read many more bytes from the network than are in the body. A malicious HTTP client can further     exploit this to cause a server to automatically read a large amount of data (up to about 1GiB) when a     handler fails to read the entire body of a request. Chunk extensions are a little-used HTTP feature which     permit including additional metadata in a request or response body sent using the chunked encoding. The     net/http chunked encoding reader discards this metadata. A sender can exploit this by inserting a large     metadata segment with each byte transferred. The chunk reader now produces an error if the ratio of real     body to encoded bytes grows too small. (CVE-2023-39326)

  - A denial of service (DoS) vulnerability was discovered in go-git versions prior to v5.11. This     vulnerability allows an attacker to perform denial of service attacks by providing specially crafted     responses from a Git server which triggers resource exhaustion in go-git clients. Applications using only     the in-memory filesystem supported by go-git are not affected by this vulnerability. This is a go-git     implementation issue and does not affect the upstream git cli. (CVE-2023-49568)

  - A path traversal vulnerability was discovered in go-git versions prior to v5.11. This vulnerability allows     an attacker to create and amend files across the filesystem. In the worse case scenario, remote code     execution could be achieved. Applications are only affected if they are using the ChrootOS     https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS , which is the default when using Plain     versions of Open and Clone funcs (e.g. PlainClone). Applications using BoundOS     https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#BoundOS or in-memory filesystems are not affected by     this issue. This is a go-git implementation issue and does not affect the upstream git cli.
    (CVE-2023-49569)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
201046	RHEL 8 / 9 : Red Hat Ceph Storage 5.3 (RHSA-2024:4118)	Nessus	Red Hat Local Security Checks	critical
200554	RHEL 8 / 9 : Red Hat Ceph Storage 7.1 (RHSA-2024:3925)	Nessus	Red Hat Local Security Checks	critical
194887	RHEL 8 / 9 : Red Hat Ceph Storage 6.1 (RHSA-2024:2631)	Nessus	Red Hat Local Security Checks	critical
194406	RHEL 8 : Release of OpenShift Serverless Client kn 1.31.1 (RHSA-2024:0880)	Nessus	Red Hat Local Security Checks	critical
190744	Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2024-526)	Nessus	Amazon Linux Local Security Checks	critical
190705	Amazon Linux AMI : amazon-ssm-agent (ALAS-2024-1920)	Nessus	Amazon Linux Local Security Checks	critical
190697	Amazon Linux 2 : amazon-ssm-agent (ALAS-2024-2458)	Nessus	Amazon Linux Local Security Checks	critical

Detections

Analytics

CVE-2023-49569

critical

Tenable Plugins

critical

critical

critical

critical

critical

critical

critical