The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0076 advisory.

    Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable     version of the Ceph storage system with a Ceph management platform, deployment utilities, and support     services.

    Security Fix(es):

    * Moment.js: Path traversal  in moment.locale (CVE-2022-24785)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    This update also fixes several bugs and adds various enhancements. Documentation for these changes is     available from the Release Notes document linked to in the References section.

    Bug Fix(es)

    These new packages include numerous bug fixes and enhancements. Space precludes documenting all of these     changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on     the most significant of these changes:

    https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/index

    All users of Red Hat Ceph Storage are advised to upgrade to these updated packages that provide numerous     enhancements and bug fixes.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 / 9 : Red Hat Ceph Storage 5.3 security update and Bug Fix (Moderate) (RHSA-2023:0076)

high Nessus Plugin ID 169920

Version 1.7

Version 1.6

Version 1.5

Version 1.4

Version 1.3

Version 1.2

Version 1.1

Version 1.0

Version 1.7 Nov 7, 2024, 8:25 PM CVSS metrics ("Cvssv4 score" set to 0.0) CVSSv2 severity (based on None, severity decreased from "High" to "Low") Plugin metadata Plugin Feed: 202411072025
Version 1.6 Jul 11, 2024, 7:13 AM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:POC/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:P/RL:O/RC:C") Plugin Feed: 202407110713
Version 1.5 Jun 3, 2024, 7:01 PM Detection (updated detection logic) Plugin metadata Plugin Feed: 202406031901
Version 1.4 Apr 28, 2024, 2:25 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:U/RL:OF/RC:C") CVSS temporal metrics ("CVSSv3 temporal vector" set to "CVSS:3.0/E:U/RL:O/RC:C") Detection (updated detection logic) Plugin metadata Plugin Feed: 202404281425
Version 1.3 Aug 2, 2023, 10:14 PM CVSS temporal metrics ("CVSSv2 temporal vector" set to "CVSS2#E:F/RL:OF/RC:C". "CVSSv3 temporal vector" set to "CVSS:3.0/E:F/RL:O/RC:C") Plugin Feed: 202308022214
Version 1.2 May 24, 2023, 8:43 PM Logic Changes (Added support for ppc64le architecture) Plugin Feed: 202305242043
Version 1.1 Jan 24, 2023, 1:51 AM Logic Changes (Added support for repository relative URLs) Plugin Feed: 202301240151
Version 1.0 Jan 12, 2023, 1:44 AM New Plugin Feed: 202301120144