Detections
Analytics
RHEL 8 : CloudForms 5.0.8 (RHSA-2020:4134)
medium Nessus Plugin ID 141086
Language:
Synopsis
The remote Red Hat host is missing a security update.Description
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2020:4134 advisory.Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.
Security Fix(es):
* cfme-gemset: CloudForms: Cross Site Request Forgery in API notifications (CVE-2020-14369)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Solution
Update the affected cfme-gemset package.See Also
http://www.nessus.org/u?32d6b6c4
http://www.nessus.org/u?b131b2e6
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/errata/RHSA-2020:4134
https://bugzilla.redhat.com/show_bug.cgi?id=1672358
https://bugzilla.redhat.com/show_bug.cgi?id=1686077
https://bugzilla.redhat.com/show_bug.cgi?id=1706848
https://bugzilla.redhat.com/show_bug.cgi?id=1713205
https://bugzilla.redhat.com/show_bug.cgi?id=1723864
https://bugzilla.redhat.com/show_bug.cgi?id=1741633
https://bugzilla.redhat.com/show_bug.cgi?id=1772762
https://bugzilla.redhat.com/show_bug.cgi?id=1794551
https://bugzilla.redhat.com/show_bug.cgi?id=1804263
https://bugzilla.redhat.com/show_bug.cgi?id=1825961
https://bugzilla.redhat.com/show_bug.cgi?id=1846273
https://bugzilla.redhat.com/show_bug.cgi?id=1846623
https://bugzilla.redhat.com/show_bug.cgi?id=1846624
https://bugzilla.redhat.com/show_bug.cgi?id=1851087
https://bugzilla.redhat.com/show_bug.cgi?id=1856470
https://bugzilla.redhat.com/show_bug.cgi?id=1858079
https://bugzilla.redhat.com/show_bug.cgi?id=1858107
https://bugzilla.redhat.com/show_bug.cgi?id=1859388
https://bugzilla.redhat.com/show_bug.cgi?id=1859542
https://bugzilla.redhat.com/show_bug.cgi?id=1860033
https://bugzilla.redhat.com/show_bug.cgi?id=1861252
https://bugzilla.redhat.com/show_bug.cgi?id=1862202
https://bugzilla.redhat.com/show_bug.cgi?id=1870737
https://bugzilla.redhat.com/show_bug.cgi?id=1871921
Plugin Details
Severity: Medium
ID: 141086
File Name: redhat-RHSA-2020-4134.nasl
Version: 1.9
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 9/30/2020
Updated: 11/7/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
VPR
Risk Factor: Low
Score: 3.4
Vendor
Vendor Severity: Moderate
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2020-14369
CVSS v3
Risk Factor: Medium
Base Score: 6.3
Temporal Score: 5.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:L
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:cfme-gemset, cpe:/o:redhat:enterprise_linux:8
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: No known exploits are available
Patch Publication Date: 9/30/2020
Vulnerability Publication Date: 9/30/2020
Reference Information
CVE: CVE-2020-14369