RHEL 8 : RHV Manager (ovirt-engine) [ovirt-4.5.0] (RHSA-2022:4711)

medium Nessus Plugin ID 161619

Synopsis

The remote Red Hat host is missing one or more security updates for RHV Manager (ovirt-engine) [ovirt-4.5.0].

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2022:4711 advisory.

The ovirt-engine package provides the Red Hat Virtualization Manager, a centralized management platform that allows system administrators to view and manage virtual machines. The Manager provides a comprehensive range of features including search capabilities, resource management, live migrations, and virtual infrastructure provisioning.

Security Fix(es):

* nodejs-ansi-regex: Regular expression denial of service (ReDoS) matching ANSI escape codes (CVE-2021-3807)

* nodejs-trim-off-newlines: ReDoS via string processing (CVE-2021-23425)

* normalize-url: ReDoS for data URLs (CVE-2021-33502)

* jquery-ui: XSS in the altField option of the datepicker widget (CVE-2021-41182)

* jquery-ui: XSS in *Text options of the datepicker widget (CVE-2021-41183)

* jquery-ui: XSS in the 'of' option of the .position() util (CVE-2021-41184)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

A list of bugs fixed in this update is available in the Technical Notes book:

https://access.redhat.com/documentation/en-us/red_hat_virtualization/4.4/html-single/technical_notes

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL RHV Manager (ovirt-engine) [ovirt-4.5.0] package based on the guidance in RHSA-2022:4711.

See Also

http://www.nessus.org/u?56f230c4

http://www.nessus.org/u?b4e9fb3f

https://access.redhat.com/security/updates/classification/#moderate

https://access.redhat.com/errata/RHSA-2022:4711

https://bugzilla.redhat.com/show_bug.cgi?id=1624015

https://bugzilla.redhat.com/show_bug.cgi?id=1648985

https://bugzilla.redhat.com/show_bug.cgi?id=1667517

https://bugzilla.redhat.com/show_bug.cgi?id=1687845

https://bugzilla.redhat.com/show_bug.cgi?id=1781241

https://bugzilla.redhat.com/show_bug.cgi?id=1782056

https://bugzilla.redhat.com/show_bug.cgi?id=1849169

https://bugzilla.redhat.com/show_bug.cgi?id=1878930

https://bugzilla.redhat.com/show_bug.cgi?id=1922977

https://bugzilla.redhat.com/show_bug.cgi?id=1926625

https://bugzilla.redhat.com/show_bug.cgi?id=1927985

https://bugzilla.redhat.com/show_bug.cgi?id=1944290

https://bugzilla.redhat.com/show_bug.cgi?id=1944834

https://bugzilla.redhat.com/show_bug.cgi?id=1956295

https://bugzilla.redhat.com/show_bug.cgi?id=1959186

https://bugzilla.redhat.com/show_bug.cgi?id=1964208

https://bugzilla.redhat.com/show_bug.cgi?id=1964461

https://bugzilla.redhat.com/show_bug.cgi?id=1971622

https://bugzilla.redhat.com/show_bug.cgi?id=1974741

https://bugzilla.redhat.com/show_bug.cgi?id=1979441

https://bugzilla.redhat.com/show_bug.cgi?id=1979797

https://bugzilla.redhat.com/show_bug.cgi?id=1980192

https://bugzilla.redhat.com/show_bug.cgi?id=1986726

https://bugzilla.redhat.com/show_bug.cgi?id=1986834

https://bugzilla.redhat.com/show_bug.cgi?id=1987121

https://bugzilla.redhat.com/show_bug.cgi?id=1988496

https://bugzilla.redhat.com/show_bug.cgi?id=1990462

https://bugzilla.redhat.com/show_bug.cgi?id=1991240

https://bugzilla.redhat.com/show_bug.cgi?id=1995793

https://bugzilla.redhat.com/show_bug.cgi?id=1996123

https://bugzilla.redhat.com/show_bug.cgi?id=1998255

https://bugzilla.redhat.com/show_bug.cgi?id=1999698

https://bugzilla.redhat.com/show_bug.cgi?id=2000031

https://bugzilla.redhat.com/show_bug.cgi?id=2002283

https://bugzilla.redhat.com/show_bug.cgi?id=2003883

https://bugzilla.redhat.com/show_bug.cgi?id=2003996

https://bugzilla.redhat.com/show_bug.cgi?id=2006602

https://bugzilla.redhat.com/show_bug.cgi?id=2006745

https://bugzilla.redhat.com/show_bug.cgi?id=2007384

https://bugzilla.redhat.com/show_bug.cgi?id=2007557

https://bugzilla.redhat.com/show_bug.cgi?id=2008798

https://bugzilla.redhat.com/show_bug.cgi?id=2010203

https://bugzilla.redhat.com/show_bug.cgi?id=2010903

https://bugzilla.redhat.com/show_bug.cgi?id=2013928

https://bugzilla.redhat.com/show_bug.cgi?id=2014888

https://bugzilla.redhat.com/show_bug.cgi?id=2015796

https://bugzilla.redhat.com/show_bug.cgi?id=2019144

https://bugzilla.redhat.com/show_bug.cgi?id=2019148

https://bugzilla.redhat.com/show_bug.cgi?id=2019153

https://bugzilla.redhat.com/show_bug.cgi?id=2021217

https://bugzilla.redhat.com/show_bug.cgi?id=2023250

https://bugzilla.redhat.com/show_bug.cgi?id=2023786

https://bugzilla.redhat.com/show_bug.cgi?id=2024202

https://bugzilla.redhat.com/show_bug.cgi?id=2025936

https://bugzilla.redhat.com/show_bug.cgi?id=2030596

https://bugzilla.redhat.com/show_bug.cgi?id=2030663

https://bugzilla.redhat.com/show_bug.cgi?id=2031027

https://bugzilla.redhat.com/show_bug.cgi?id=2035051

https://bugzilla.redhat.com/show_bug.cgi?id=2037115

https://bugzilla.redhat.com/show_bug.cgi?id=2037121

https://bugzilla.redhat.com/show_bug.cgi?id=2040361

https://bugzilla.redhat.com/show_bug.cgi?id=2040402

https://bugzilla.redhat.com/show_bug.cgi?id=2040474

https://bugzilla.redhat.com/show_bug.cgi?id=2041544

https://bugzilla.redhat.com/show_bug.cgi?id=2043146

https://bugzilla.redhat.com/show_bug.cgi?id=2044273

https://bugzilla.redhat.com/show_bug.cgi?id=2048546

https://bugzilla.redhat.com/show_bug.cgi?id=2050566

https://bugzilla.redhat.com/show_bug.cgi?id=2050614

https://bugzilla.redhat.com/show_bug.cgi?id=2051857

https://bugzilla.redhat.com/show_bug.cgi?id=2052557

https://bugzilla.redhat.com/show_bug.cgi?id=2052690

https://bugzilla.redhat.com/show_bug.cgi?id=2054756

https://bugzilla.redhat.com/show_bug.cgi?id=2055136

https://bugzilla.redhat.com/show_bug.cgi?id=2056021

https://bugzilla.redhat.com/show_bug.cgi?id=2056052

https://bugzilla.redhat.com/show_bug.cgi?id=2056126

https://bugzilla.redhat.com/show_bug.cgi?id=2058264

https://bugzilla.redhat.com/show_bug.cgi?id=2059521

https://bugzilla.redhat.com/show_bug.cgi?id=2059877

https://bugzilla.redhat.com/show_bug.cgi?id=2061904

https://bugzilla.redhat.com/show_bug.cgi?id=2065052

https://bugzilla.redhat.com/show_bug.cgi?id=2066084

https://bugzilla.redhat.com/show_bug.cgi?id=2066283

https://bugzilla.redhat.com/show_bug.cgi?id=2069972

https://bugzilla.redhat.com/show_bug.cgi?id=2070156

https://bugzilla.redhat.com/show_bug.cgi?id=2071468

https://bugzilla.redhat.com/show_bug.cgi?id=2072637

https://bugzilla.redhat.com/show_bug.cgi?id=2072639

https://bugzilla.redhat.com/show_bug.cgi?id=2072641

https://bugzilla.redhat.com/show_bug.cgi?id=2072642

https://bugzilla.redhat.com/show_bug.cgi?id=2072645

https://bugzilla.redhat.com/show_bug.cgi?id=2072646

https://bugzilla.redhat.com/show_bug.cgi?id=2075352

https://bugzilla.redhat.com/show_bug.cgi?id=655153

https://bugzilla.redhat.com/show_bug.cgi?id=977778

Plugin Details

Severity: Medium

ID: 161619

File Name: redhat-RHSA-2022-4711.nasl

Version: 1.10

Type: local

Agent: unix

Published: 5/27/2022

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.4

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS Score Source: CVE-2021-41184

CVSS v3

Risk Factor: Medium

Base Score: 6.1

Temporal Score: 5.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:ovirt-web-ui, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-dbscripts, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-base, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-ui-extensions, p-cpe:/a:redhat:enterprise_linux:python3-ovirt-engine-lib, p-cpe:/a:redhat:enterprise_linux:rhvm, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-webadmin-portal, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-health-check-bundler, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-cinderlib, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-ovirt-engine-common, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-websocket-proxy, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-vmconsole-proxy-helper, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-tools-backup, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:ovirt-engine, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-vmconsole-proxy-helper, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-ovirt-engine, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-setup-plugin-imageio, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-tools, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-backend, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-websocket-proxy, p-cpe:/a:redhat:enterprise_linux:ovirt-engine-restapi

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 5/26/2022

Vulnerability Publication Date: 5/24/2021

Reference Information

CVE: CVE-2021-23425, CVE-2021-33502, CVE-2021-3807, CVE-2021-41182, CVE-2021-41183, CVE-2021-41184

CWE: 400, 79

RHSA: 2022:4711