RHEL 8 : idm:DL1 and idm:client (RHSA-2021:1846)

medium Nessus Plugin ID 149672

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2021:1846 advisory.

Red Hat Identity Management (IdM) is a centralized authentication, identity management, and authorization solution for both traditional and cloud-based enterprise environments.

Security Fix(es):

* jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution (CVE-2020-11023)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.4 Release Notes linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?8015b3e3

http://www.nessus.org/u?862005a9

https://access.redhat.com/security/updates/classification/#moderate

https://access.redhat.com/errata/RHSA-2021:1846

https://bugzilla.redhat.com/show_bug.cgi?id=1340463

https://bugzilla.redhat.com/show_bug.cgi?id=1357495

https://bugzilla.redhat.com/show_bug.cgi?id=1484088

https://bugzilla.redhat.com/show_bug.cgi?id=1542737

https://bugzilla.redhat.com/show_bug.cgi?id=1544379

https://bugzilla.redhat.com/show_bug.cgi?id=1660877

https://bugzilla.redhat.com/show_bug.cgi?id=1779981

https://bugzilla.redhat.com/show_bug.cgi?id=1780328

https://bugzilla.redhat.com/show_bug.cgi?id=1780510

https://bugzilla.redhat.com/show_bug.cgi?id=1780782

https://bugzilla.redhat.com/show_bug.cgi?id=1784657

https://bugzilla.redhat.com/show_bug.cgi?id=1809215

https://bugzilla.redhat.com/show_bug.cgi?id=1810148

https://bugzilla.redhat.com/show_bug.cgi?id=1812871

https://bugzilla.redhat.com/show_bug.cgi?id=1824193

https://bugzilla.redhat.com/show_bug.cgi?id=1850004

https://bugzilla.redhat.com/show_bug.cgi?id=1851835

https://bugzilla.redhat.com/show_bug.cgi?id=1857272

https://bugzilla.redhat.com/show_bug.cgi?id=1860129

https://bugzilla.redhat.com/show_bug.cgi?id=1866558

https://bugzilla.redhat.com/show_bug.cgi?id=1872603

https://bugzilla.redhat.com/show_bug.cgi?id=1875001

https://bugzilla.redhat.com/show_bug.cgi?id=1882340

https://bugzilla.redhat.com/show_bug.cgi?id=1891056

https://bugzilla.redhat.com/show_bug.cgi?id=1891505

https://bugzilla.redhat.com/show_bug.cgi?id=1891735

https://bugzilla.redhat.com/show_bug.cgi?id=1891741

https://bugzilla.redhat.com/show_bug.cgi?id=1891832

https://bugzilla.redhat.com/show_bug.cgi?id=1891850

https://bugzilla.redhat.com/show_bug.cgi?id=1894800

https://bugzilla.redhat.com/show_bug.cgi?id=1901068

https://bugzilla.redhat.com/show_bug.cgi?id=1902173

https://bugzilla.redhat.com/show_bug.cgi?id=1902727

https://bugzilla.redhat.com/show_bug.cgi?id=1903025

https://bugzilla.redhat.com/show_bug.cgi?id=1904484

https://bugzilla.redhat.com/show_bug.cgi?id=1904612

https://bugzilla.redhat.com/show_bug.cgi?id=1905919

https://bugzilla.redhat.com/show_bug.cgi?id=1909876

https://bugzilla.redhat.com/show_bug.cgi?id=1912845

https://bugzilla.redhat.com/show_bug.cgi?id=1922955

https://bugzilla.redhat.com/show_bug.cgi?id=1923900

https://bugzilla.redhat.com/show_bug.cgi?id=1924026

https://bugzilla.redhat.com/show_bug.cgi?id=1924501

https://bugzilla.redhat.com/show_bug.cgi?id=1924812

https://bugzilla.redhat.com/show_bug.cgi?id=1925410

https://bugzilla.redhat.com/show_bug.cgi?id=1926699

https://bugzilla.redhat.com/show_bug.cgi?id=1926910

https://bugzilla.redhat.com/show_bug.cgi?id=1928900

https://bugzilla.redhat.com/show_bug.cgi?id=1930426

https://bugzilla.redhat.com/show_bug.cgi?id=1932289

https://bugzilla.redhat.com/show_bug.cgi?id=1939371

https://bugzilla.redhat.com/show_bug.cgi?id=871208

Plugin Details

Severity: Medium

ID: 149672

File Name: redhat-RHSA-2021-1846.nasl

Version: 1.13

Type: local

Agent: unix

Published: 5/19/2021

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.6

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2020-11023

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:softhsm-devel, p-cpe:/a:redhat:enterprise_linux:opendnssec, p-cpe:/a:redhat:enterprise_linux:ipa, p-cpe:/a:redhat:enterprise_linux:python3-ipaserver, p-cpe:/a:redhat:enterprise_linux:ipa-server-dns, p-cpe:/a:redhat:enterprise_linux:ipa-common, p-cpe:/a:redhat:enterprise_linux:ipa-server-trust-ad, p-cpe:/a:redhat:enterprise_linux:python3-jwcrypto, p-cpe:/a:redhat:enterprise_linux:slapi-nis, p-cpe:/a:redhat:enterprise_linux:ipa-client, p-cpe:/a:redhat:enterprise_linux:python3-ipalib, p-cpe:/a:redhat:enterprise_linux:ipa-client-common, p-cpe:/a:redhat:enterprise_linux:ipa-client-samba, p-cpe:/a:redhat:enterprise_linux:ipa-healthcheck, p-cpe:/a:redhat:enterprise_linux:python-jwcrypto, p-cpe:/a:redhat:enterprise_linux:python3-qrcode, p-cpe:/a:redhat:enterprise_linux:python-qrcode, p-cpe:/a:redhat:enterprise_linux:python3-qrcode-core, p-cpe:/a:redhat:enterprise_linux:python3-ipatests, p-cpe:/a:redhat:enterprise_linux:ipa-selinux, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:ipa-server, p-cpe:/a:redhat:enterprise_linux:python3-custodia, p-cpe:/a:redhat:enterprise_linux:ipa-client-epn, p-cpe:/a:redhat:enterprise_linux:ipa-server-common, p-cpe:/a:redhat:enterprise_linux:bind-dyndb-ldap, p-cpe:/a:redhat:enterprise_linux:ipa-healthcheck-core, p-cpe:/a:redhat:enterprise_linux:python3-pyusb, p-cpe:/a:redhat:enterprise_linux:custodia, p-cpe:/a:redhat:enterprise_linux:python3-ipaclient, p-cpe:/a:redhat:enterprise_linux:python-yubico, p-cpe:/a:redhat:enterprise_linux:python3-kdcproxy, p-cpe:/a:redhat:enterprise_linux:ipa-python-compat, p-cpe:/a:redhat:enterprise_linux:pyusb, p-cpe:/a:redhat:enterprise_linux:python3-yubico, p-cpe:/a:redhat:enterprise_linux:softhsm, p-cpe:/a:redhat:enterprise_linux:python-kdcproxy

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/18/2021

Vulnerability Publication Date: 4/29/2020

Reference Information

CVE: CVE-2020-11023

CWE: 79

IAVA: 2021-A-0194-S

IAVB: 2020-B-0030

RHSA: 2021:1846