Detections
Analytics
RHEL 8 : RHV Manager (ovirt-engine) [ovirt-4.5.0] (RHSA-2022:4711)
medium Nessus Plugin ID 161619
Language:
Synopsis
The remote Red Hat host is missing one or more security updates for RHV Manager (ovirt-engine) [ovirt-4.5.0].Description
The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4711 advisory.The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.
Security Fix(es):
* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)
* nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)
* normalize-url: ReDoS for data URLs (CVE-2021-33502)
* jquery-ui: XSS in the altField option of the datepicker widget (CVE-2021-41182)
* jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)
* jquery-ui: XSS in the 'of' option of the .position() util (CVE-2021-41184)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
A list of bugs fixed in this update is available in the Technical Notes book:
https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL RHV Manager (ovirt-engine) [ovirt-4.5.0] package based on the guidance in RHSA-2022:4711.See Also
http://www.nessus.org/u?56f230c4
http://www.nessus.org/u?b4e9fb3f
https://access.redhat.com/security/updates/classification/#moderate
https://access.redhat.com/errata/RHSA-2022:4711
https://bugzilla.redhat.com/show_bug.cgi?id=1624015
https://bugzilla.redhat.com/show_bug.cgi?id=1648985
https://bugzilla.redhat.com/show_bug.cgi?id=1667517
https://bugzilla.redhat.com/show_bug.cgi?id=1687845
https://bugzilla.redhat.com/show_bug.cgi?id=1781241
https://bugzilla.redhat.com/show_bug.cgi?id=1782056
https://bugzilla.redhat.com/show_bug.cgi?id=1849169
https://bugzilla.redhat.com/show_bug.cgi?id=1878930
https://bugzilla.redhat.com/show_bug.cgi?id=1922977
https://bugzilla.redhat.com/show_bug.cgi?id=1926625
https://bugzilla.redhat.com/show_bug.cgi?id=1927985
https://bugzilla.redhat.com/show_bug.cgi?id=1944290
https://bugzilla.redhat.com/show_bug.cgi?id=1944834
https://bugzilla.redhat.com/show_bug.cgi?id=1956295
https://bugzilla.redhat.com/show_bug.cgi?id=1959186
https://bugzilla.redhat.com/show_bug.cgi?id=1964208
https://bugzilla.redhat.com/show_bug.cgi?id=1964461
https://bugzilla.redhat.com/show_bug.cgi?id=1971622
https://bugzilla.redhat.com/show_bug.cgi?id=1974741
https://bugzilla.redhat.com/show_bug.cgi?id=1979441
https://bugzilla.redhat.com/show_bug.cgi?id=1979797
https://bugzilla.redhat.com/show_bug.cgi?id=1980192
https://bugzilla.redhat.com/show_bug.cgi?id=1986726
https://bugzilla.redhat.com/show_bug.cgi?id=1986834
https://bugzilla.redhat.com/show_bug.cgi?id=1987121
https://bugzilla.redhat.com/show_bug.cgi?id=2061904
https://bugzilla.redhat.com/show_bug.cgi?id=2065052
https://bugzilla.redhat.com/show_bug.cgi?id=2066084
https://bugzilla.redhat.com/show_bug.cgi?id=2066283
https://bugzilla.redhat.com/show_bug.cgi?id=2069972
https://bugzilla.redhat.com/show_bug.cgi?id=2070156
https://bugzilla.redhat.com/show_bug.cgi?id=2071468
https://bugzilla.redhat.com/show_bug.cgi?id=2072637
https://bugzilla.redhat.com/show_bug.cgi?id=2072639
https://bugzilla.redhat.com/show_bug.cgi?id=2072641
https://bugzilla.redhat.com/show_bug.cgi?id=2072642
https://bugzilla.redhat.com/show_bug.cgi?id=2072645
https://bugzilla.redhat.com/show_bug.cgi?id=2072646
https://bugzilla.redhat.com/show_bug.cgi?id=2075352
https://bugzilla.redhat.com/show_bug.cgi?id=655153
https://bugzilla.redhat.com/show_bug.cgi?id=977778
https://bugzilla.redhat.com/show_bug.cgi?id=1988496
https://bugzilla.redhat.com/show_bug.cgi?id=1990462
https://bugzilla.redhat.com/show_bug.cgi?id=1991240
https://bugzilla.redhat.com/show_bug.cgi?id=1995793
https://bugzilla.redhat.com/show_bug.cgi?id=1996123
https://bugzilla.redhat.com/show_bug.cgi?id=1998255
https://bugzilla.redhat.com/show_bug.cgi?id=1999698
https://bugzilla.redhat.com/show_bug.cgi?id=2000031
https://bugzilla.redhat.com/show_bug.cgi?id=2002283
https://bugzilla.redhat.com/show_bug.cgi?id=2003883
https://bugzilla.redhat.com/show_bug.cgi?id=2003996
https://bugzilla.redhat.com/show_bug.cgi?id=2006602
https://bugzilla.redhat.com/show_bug.cgi?id=2006745
https://bugzilla.redhat.com/show_bug.cgi?id=2007384
https://bugzilla.redhat.com/show_bug.cgi?id=2007557
https://bugzilla.redhat.com/show_bug.cgi?id=2008798
https://bugzilla.redhat.com/show_bug.cgi?id=2010203
https://bugzilla.redhat.com/show_bug.cgi?id=2010903
https://bugzilla.redhat.com/show_bug.cgi?id=2013928
https://bugzilla.redhat.com/show_bug.cgi?id=2014888
https://bugzilla.redhat.com/show_bug.cgi?id=2015796
https://bugzilla.redhat.com/show_bug.cgi?id=2019144
https://bugzilla.redhat.com/show_bug.cgi?id=2019148
https://bugzilla.redhat.com/show_bug.cgi?id=2019153
https://bugzilla.redhat.com/show_bug.cgi?id=2021217
https://bugzilla.redhat.com/show_bug.cgi?id=2023250
https://bugzilla.redhat.com/show_bug.cgi?id=2023786
https://bugzilla.redhat.com/show_bug.cgi?id=2024202
https://bugzilla.redhat.com/show_bug.cgi?id=2025936
https://bugzilla.redhat.com/show_bug.cgi?id=2030596
https://bugzilla.redhat.com/show_bug.cgi?id=2030663
https://bugzilla.redhat.com/show_bug.cgi?id=2031027
https://bugzilla.redhat.com/show_bug.cgi?id=2035051
https://bugzilla.redhat.com/show_bug.cgi?id=2037115
https://bugzilla.redhat.com/show_bug.cgi?id=2037121
https://bugzilla.redhat.com/show_bug.cgi?id=2040361
https://bugzilla.redhat.com/show_bug.cgi?id=2040402
https://bugzilla.redhat.com/show_bug.cgi?id=2040474
https://bugzilla.redhat.com/show_bug.cgi?id=2041544
https://bugzilla.redhat.com/show_bug.cgi?id=2043146
https://bugzilla.redhat.com/show_bug.cgi?id=2044273
https://bugzilla.redhat.com/show_bug.cgi?id=2048546
https://bugzilla.redhat.com/show_bug.cgi?id=2050566
https://bugzilla.redhat.com/show_bug.cgi?id=2050614
https://bugzilla.redhat.com/show_bug.cgi?id=2051857
https://bugzilla.redhat.com/show_bug.cgi?id=2052557
https://bugzilla.redhat.com/show_bug.cgi?id=2052690
https://bugzilla.redhat.com/show_bug.cgi?id=2054756
https://bugzilla.redhat.com/show_bug.cgi?id=2055136
https://bugzilla.redhat.com/show_bug.cgi?id=2056021
https://bugzilla.redhat.com/show_bug.cgi?id=2056052
https://bugzilla.redhat.com/show_bug.cgi?id=2056126
https://bugzilla.redhat.com/show_bug.cgi?id=2058264
Plugin Details
Severity: Medium
ID: 161619
File Name: redhat-RHSA-2022-4711.nasl
Version: 1.10
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 5/27/2022
Updated: 11/7/2024
Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
Vendor
Vendor Severity: Moderate
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.4
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Score Source: CVE-2021-41184
CVSS v3
Risk Factor: Medium
Base Score: 6.1
Temporal Score: 5.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:python3-ovirt-engine-lib, p-cpe:/a:redhat:enterprise_linux:rhvm, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-webadmin-portal, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-health-check-bundler, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-cinderlib, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-ovirt-engine-common, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-websocket-proxy, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-vmconsole-proxy-helper, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-tools-backup, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:ovirt-engine, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-vmconsole-proxy-helper, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-ovirt-engine, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-imageio, p-cpe:/a:redhat:enterprise_linux:ovirt-web-ui, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-dbscripts, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-tools, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-backend, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-websocket-proxy, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-restapi, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-base, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-ui-extensions
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 5/26/2022
Vulnerability Publication Date: 5/24/2021
Reference Information
CVE: CVE-2021-23425, CVE-2021-33502, CVE-2021-3807, CVE-2021-41182, CVE-2021-41183, CVE-2021-41184