The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2023:0076 advisory.

    Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable     version of the Ceph storage system with a Ceph management platform, deployment utilities, and support     services.

    Security Fix(es):

    * Moment.js: Path traversal  in moment.locale (CVE-2022-24785)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    This update also fixes several bugs and adds various enhancements. Documentation for these changes is     available from the Release Notes document linked to in the References section.

    Bug Fix(es)

    These new packages include numerous bug fixes and enhancements. Space precludes documenting all of these     changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on     the most significant of these changes:

    https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/5.3/html/release_notes/index

    All users of Red Hat Ceph Storage are advised to upgrade to these updated packages that provide numerous     enhancements and bug fixes.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Detections

Analytics

RHEL 8 / 9 : Red Hat Ceph Storage 5.3 security update and Bug Fix (Moderate) (RHSA-2023:0076)

high Nessus Plugin ID 169920

Version 1.7