RHEL 7 : RHGS WA (RHSA-2018:2616)

high Nessus Plugin ID 117322

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2616 advisory.

Red Hat Gluster Storage Web Administration includes a fully automated setup based on Ansible and provides deep metrics and insights into active Gluster storage pools by using the Grafana platform. Red Hat Gluster Storage Web Administration provides a dashboard view which allows an administrator to get a view of overall gluster health in terms of hosts, volumes, bricks, and other components of GlusterFS.

Security Fix(es):

* tendrl-api: Improper cleanup of session token can allow attackers to hijack user sessions (CVE-2018-1127)

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

This issue was discovered by Filip Balk (Red Hat).

Additional Changes:

These updated Red Hat Gluster Storage Web Administration packages include numerous bug fixes and enhancements. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Gluster Storage 3.4 Release Notes for information on the most significant of these changes:

https://access.redhat.com/site/documentation/en-US/red_hat_gluster_storage/3.4/html/3.4_release_notes/

All users of Red Hat Gluster Storage are advised to upgrade to these updated packages, which provide numerous bug fixes and enhancements.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?4707a0a6

http://www.nessus.org/u?d6c2aef9

https://access.redhat.com/errata/RHSA-2018:2616

https://access.redhat.com/security/updates/classification/#low

https://bugzilla.redhat.com/show_bug.cgi?id=1502012

https://bugzilla.redhat.com/show_bug.cgi?id=1506123

https://bugzilla.redhat.com/show_bug.cgi?id=1511993

https://bugzilla.redhat.com/show_bug.cgi?id=1512091

https://bugzilla.redhat.com/show_bug.cgi?id=1512696

https://bugzilla.redhat.com/show_bug.cgi?id=1512937

https://bugzilla.redhat.com/show_bug.cgi?id=1513361

https://bugzilla.redhat.com/show_bug.cgi?id=1513993

https://bugzilla.redhat.com/show_bug.cgi?id=1514171

https://bugzilla.redhat.com/show_bug.cgi?id=1514442

https://bugzilla.redhat.com/show_bug.cgi?id=1515213

https://bugzilla.redhat.com/show_bug.cgi?id=1515252

https://bugzilla.redhat.com/show_bug.cgi?id=1515660

https://bugzilla.redhat.com/show_bug.cgi?id=1516135

https://bugzilla.redhat.com/show_bug.cgi?id=1516417

https://bugzilla.redhat.com/show_bug.cgi?id=1517077

https://bugzilla.redhat.com/show_bug.cgi?id=1517132

https://bugzilla.redhat.com/show_bug.cgi?id=1517215

https://bugzilla.redhat.com/show_bug.cgi?id=1517246

https://bugzilla.redhat.com/show_bug.cgi?id=1517270

https://bugzilla.redhat.com/show_bug.cgi?id=1517422

https://bugzilla.redhat.com/show_bug.cgi?id=1518276

https://bugzilla.redhat.com/show_bug.cgi?id=1518516

https://bugzilla.redhat.com/show_bug.cgi?id=1518525

https://bugzilla.redhat.com/show_bug.cgi?id=1518610

https://bugzilla.redhat.com/show_bug.cgi?id=1518678

https://bugzilla.redhat.com/show_bug.cgi?id=1518736

https://bugzilla.redhat.com/show_bug.cgi?id=1519158

https://bugzilla.redhat.com/show_bug.cgi?id=1519178

https://bugzilla.redhat.com/show_bug.cgi?id=1519188

https://bugzilla.redhat.com/show_bug.cgi?id=1519201

https://bugzilla.redhat.com/show_bug.cgi?id=1519218

https://bugzilla.redhat.com/show_bug.cgi?id=1519724

https://bugzilla.redhat.com/show_bug.cgi?id=1519750

https://bugzilla.redhat.com/show_bug.cgi?id=1520886

https://bugzilla.redhat.com/show_bug.cgi?id=1525376

https://bugzilla.redhat.com/show_bug.cgi?id=1526338

https://bugzilla.redhat.com/show_bug.cgi?id=1526375

https://bugzilla.redhat.com/show_bug.cgi?id=1531133

https://bugzilla.redhat.com/show_bug.cgi?id=1531139

https://bugzilla.redhat.com/show_bug.cgi?id=1536354

https://bugzilla.redhat.com/show_bug.cgi?id=1538248

https://bugzilla.redhat.com/show_bug.cgi?id=1542914

https://bugzilla.redhat.com/show_bug.cgi?id=1546957

https://bugzilla.redhat.com/show_bug.cgi?id=1549146

https://bugzilla.redhat.com/show_bug.cgi?id=1555455

https://bugzilla.redhat.com/show_bug.cgi?id=1558431

https://bugzilla.redhat.com/show_bug.cgi?id=1559362

https://bugzilla.redhat.com/show_bug.cgi?id=1559364

https://bugzilla.redhat.com/show_bug.cgi?id=1559365

https://bugzilla.redhat.com/show_bug.cgi?id=1559368

https://bugzilla.redhat.com/show_bug.cgi?id=1559373

https://bugzilla.redhat.com/show_bug.cgi?id=1559379

https://bugzilla.redhat.com/show_bug.cgi?id=1559387

https://bugzilla.redhat.com/show_bug.cgi?id=1559390

https://bugzilla.redhat.com/show_bug.cgi?id=1559396

https://bugzilla.redhat.com/show_bug.cgi?id=1559399

https://bugzilla.redhat.com/show_bug.cgi?id=1559401

https://bugzilla.redhat.com/show_bug.cgi?id=1559402

https://bugzilla.redhat.com/show_bug.cgi?id=1559405

https://bugzilla.redhat.com/show_bug.cgi?id=1559415

https://bugzilla.redhat.com/show_bug.cgi?id=1559416

https://bugzilla.redhat.com/show_bug.cgi?id=1559417

https://bugzilla.redhat.com/show_bug.cgi?id=1559421

https://bugzilla.redhat.com/show_bug.cgi?id=1559426

https://bugzilla.redhat.com/show_bug.cgi?id=1559432

https://bugzilla.redhat.com/show_bug.cgi?id=1559433

https://bugzilla.redhat.com/show_bug.cgi?id=1559436

https://bugzilla.redhat.com/show_bug.cgi?id=1559486

https://bugzilla.redhat.com/show_bug.cgi?id=1559507

https://bugzilla.redhat.com/show_bug.cgi?id=1559690

https://bugzilla.redhat.com/show_bug.cgi?id=1559792

https://bugzilla.redhat.com/show_bug.cgi?id=1559901

https://bugzilla.redhat.com/show_bug.cgi?id=1560492

https://bugzilla.redhat.com/show_bug.cgi?id=1560879

https://bugzilla.redhat.com/show_bug.cgi?id=1561374

https://bugzilla.redhat.com/show_bug.cgi?id=1561428

https://bugzilla.redhat.com/show_bug.cgi?id=1561468

https://bugzilla.redhat.com/show_bug.cgi?id=1563519

https://bugzilla.redhat.com/show_bug.cgi?id=1563648

https://bugzilla.redhat.com/show_bug.cgi?id=1564107

https://bugzilla.redhat.com/show_bug.cgi?id=1564175

https://bugzilla.redhat.com/show_bug.cgi?id=1564423

https://bugzilla.redhat.com/show_bug.cgi?id=1564510

https://bugzilla.redhat.com/show_bug.cgi?id=1565479

https://bugzilla.redhat.com/show_bug.cgi?id=1565898

https://bugzilla.redhat.com/show_bug.cgi?id=1570048

https://bugzilla.redhat.com/show_bug.cgi?id=1570564

https://bugzilla.redhat.com/show_bug.cgi?id=1570616

https://bugzilla.redhat.com/show_bug.cgi?id=1571235

https://bugzilla.redhat.com/show_bug.cgi?id=1571244

https://bugzilla.redhat.com/show_bug.cgi?id=1571245

https://bugzilla.redhat.com/show_bug.cgi?id=1571280

https://bugzilla.redhat.com/show_bug.cgi?id=1571318

https://bugzilla.redhat.com/show_bug.cgi?id=1571325

https://bugzilla.redhat.com/show_bug.cgi?id=1571755

https://bugzilla.redhat.com/show_bug.cgi?id=1571809

https://bugzilla.redhat.com/show_bug.cgi?id=1572052

https://bugzilla.redhat.com/show_bug.cgi?id=1572090

https://bugzilla.redhat.com/show_bug.cgi?id=1572118

https://bugzilla.redhat.com/show_bug.cgi?id=1572151

https://bugzilla.redhat.com/show_bug.cgi?id=1572216

https://bugzilla.redhat.com/show_bug.cgi?id=1573079

https://bugzilla.redhat.com/show_bug.cgi?id=1573110

https://bugzilla.redhat.com/show_bug.cgi?id=1573481

https://bugzilla.redhat.com/show_bug.cgi?id=1573928

https://bugzilla.redhat.com/show_bug.cgi?id=1573950

https://bugzilla.redhat.com/show_bug.cgi?id=1574938

https://bugzilla.redhat.com/show_bug.cgi?id=1574942

https://bugzilla.redhat.com/show_bug.cgi?id=1575040

https://bugzilla.redhat.com/show_bug.cgi?id=1575835

https://bugzilla.redhat.com/show_bug.cgi?id=1575891

https://bugzilla.redhat.com/show_bug.cgi?id=1576794

https://bugzilla.redhat.com/show_bug.cgi?id=1576829

https://bugzilla.redhat.com/show_bug.cgi?id=1576848

https://bugzilla.redhat.com/show_bug.cgi?id=1578009

https://bugzilla.redhat.com/show_bug.cgi?id=1578329

https://bugzilla.redhat.com/show_bug.cgi?id=1578333

https://bugzilla.redhat.com/show_bug.cgi?id=1578885

https://bugzilla.redhat.com/show_bug.cgi?id=1579148

https://bugzilla.redhat.com/show_bug.cgi?id=1579150

https://bugzilla.redhat.com/show_bug.cgi?id=1579152

https://bugzilla.redhat.com/show_bug.cgi?id=1579516

https://bugzilla.redhat.com/show_bug.cgi?id=1579937

https://bugzilla.redhat.com/show_bug.cgi?id=1580385

https://bugzilla.redhat.com/show_bug.cgi?id=1580509

https://bugzilla.redhat.com/show_bug.cgi?id=1581212

https://bugzilla.redhat.com/show_bug.cgi?id=1581718

https://bugzilla.redhat.com/show_bug.cgi?id=1581736

https://bugzilla.redhat.com/show_bug.cgi?id=1581789

https://bugzilla.redhat.com/show_bug.cgi?id=1582465

https://bugzilla.redhat.com/show_bug.cgi?id=1583171

https://bugzilla.redhat.com/show_bug.cgi?id=1584095

https://bugzilla.redhat.com/show_bug.cgi?id=1584660

https://bugzilla.redhat.com/show_bug.cgi?id=1585116

https://bugzilla.redhat.com/show_bug.cgi?id=1585715

https://bugzilla.redhat.com/show_bug.cgi?id=1586074

https://bugzilla.redhat.com/show_bug.cgi?id=1588357

https://bugzilla.redhat.com/show_bug.cgi?id=1588440

https://bugzilla.redhat.com/show_bug.cgi?id=1588650

https://bugzilla.redhat.com/show_bug.cgi?id=1590405

https://bugzilla.redhat.com/show_bug.cgi?id=1592464

https://bugzilla.redhat.com/show_bug.cgi?id=1592487

https://bugzilla.redhat.com/show_bug.cgi?id=1592991

https://bugzilla.redhat.com/show_bug.cgi?id=1592992

https://bugzilla.redhat.com/show_bug.cgi?id=1593640

https://bugzilla.redhat.com/show_bug.cgi?id=1593852

https://bugzilla.redhat.com/show_bug.cgi?id=1593912

https://bugzilla.redhat.com/show_bug.cgi?id=1594762

https://bugzilla.redhat.com/show_bug.cgi?id=1594862

https://bugzilla.redhat.com/show_bug.cgi?id=1594899

https://bugzilla.redhat.com/show_bug.cgi?id=1594994

https://bugzilla.redhat.com/show_bug.cgi?id=1595005

https://bugzilla.redhat.com/show_bug.cgi?id=1595013

https://bugzilla.redhat.com/show_bug.cgi?id=1595015

https://bugzilla.redhat.com/show_bug.cgi?id=1595016

https://bugzilla.redhat.com/show_bug.cgi?id=1595052

https://bugzilla.redhat.com/show_bug.cgi?id=1595295

https://bugzilla.redhat.com/show_bug.cgi?id=1596655

https://bugzilla.redhat.com/show_bug.cgi?id=1596820

https://bugzilla.redhat.com/show_bug.cgi?id=1596862

https://bugzilla.redhat.com/show_bug.cgi?id=1597235

https://bugzilla.redhat.com/show_bug.cgi?id=1599634

https://bugzilla.redhat.com/show_bug.cgi?id=1599985

https://bugzilla.redhat.com/show_bug.cgi?id=1599987

https://bugzilla.redhat.com/show_bug.cgi?id=1600092

https://bugzilla.redhat.com/show_bug.cgi?id=1600113

https://bugzilla.redhat.com/show_bug.cgi?id=1603175

https://bugzilla.redhat.com/show_bug.cgi?id=1610266

https://bugzilla.redhat.com/show_bug.cgi?id=1611601

https://bugzilla.redhat.com/show_bug.cgi?id=1616208

https://bugzilla.redhat.com/show_bug.cgi?id=1616215

Plugin Details

Severity: High

ID: 117322

File Name: redhat-RHSA-2018-2616.nasl

Version: 1.11

Type: local

Agent: unix

Published: 9/6/2018

Updated: 8/9/2024

Supported Sensors: Agentless Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: Low

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2018-1127

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.1

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:tendrl-api-httpd, p-cpe:/a:redhat:enterprise_linux:tendrl-monitoring-integration, p-cpe:/a:redhat:enterprise_linux:tendrl-grafana-plugins, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:tendrl-ui, p-cpe:/a:redhat:enterprise_linux:tendrl-api, p-cpe:/a:redhat:enterprise_linux:tendrl-commons, p-cpe:/a:redhat:enterprise_linux:tendrl-ansible, p-cpe:/a:redhat:enterprise_linux:python-flask, p-cpe:/a:redhat:enterprise_linux:python-itsdangerous, p-cpe:/a:redhat:enterprise_linux:python-flask-doc, p-cpe:/a:redhat:enterprise_linux:tendrl-gluster-integration, p-cpe:/a:redhat:enterprise_linux:tendrl-node-agent, p-cpe:/a:redhat:enterprise_linux:tendrl-notifier

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 9/4/2018

Vulnerability Publication Date: 9/11/2018

Reference Information

CVE: CVE-2018-1127

CWE: 613

RHSA: 2018:2616