Detections
Analytics
RHEL 9 : Red Hat Ceph Storage 6.1 (RHSA-2023:3623)
medium Nessus Plugin ID 177348
Language:
Synopsis
The remote Red Hat host is missing one or more security updates for Red Hat Ceph Storage 6.1.Description
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3623 advisory.Red Hat Ceph Storage is a scalable, open, software-defined storage platform that combines the most stable version of the Ceph storage system with a Ceph management platform, deployment utilities, and support services.
These new packages include numerous enhancements and bug fixes. Space precludes documenting all of these changes in this advisory. Users are directed to the Red Hat Ceph Storage Release Notes for information on the most significant of these changes:
https://access.redhat.com/documentation/en-us/red_hat_ceph_storage/6.1/html/release_notes/index
Security Fix(es):
* moment: inefficient parsing algorithm resulting in DoS (CVE-2022-31129)
* angular: XSS vulnerability (CVE-2021-4231)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
All users of Red Hat Ceph Storage are advised to update to these packages that provide numerous enhancements and bug fixes.
Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHEL Red Hat Ceph Storage 6.1 package based on the guidance in RHSA-2023:3623.See Also
http://www.nessus.org/u?15054117
http://www.nessus.org/u?f446c896
https://access.redhat.com/security/updates/classification/#moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1467648
https://bugzilla.redhat.com/show_bug.cgi?id=1600995
https://bugzilla.redhat.com/show_bug.cgi?id=1783271
https://bugzilla.redhat.com/show_bug.cgi?id=1794550
https://bugzilla.redhat.com/show_bug.cgi?id=1929760
https://bugzilla.redhat.com/show_bug.cgi?id=1932764
https://bugzilla.redhat.com/show_bug.cgi?id=1937618
https://bugzilla.redhat.com/show_bug.cgi?id=1975689
https://bugzilla.redhat.com/show_bug.cgi?id=1991808
https://bugzilla.redhat.com/show_bug.cgi?id=2004175
https://bugzilla.redhat.com/show_bug.cgi?id=2016288
https://bugzilla.redhat.com/show_bug.cgi?id=2016949
https://bugzilla.redhat.com/show_bug.cgi?id=2024444
https://bugzilla.redhat.com/show_bug.cgi?id=2025815
https://bugzilla.redhat.com/show_bug.cgi?id=2028058
https://bugzilla.redhat.com/show_bug.cgi?id=2029714
https://bugzilla.redhat.com/show_bug.cgi?id=2036063
https://bugzilla.redhat.com/show_bug.cgi?id=2053347
https://bugzilla.redhat.com/show_bug.cgi?id=2053471
https://bugzilla.redhat.com/show_bug.cgi?id=2064260
https://bugzilla.redhat.com/show_bug.cgi?id=2064265
https://bugzilla.redhat.com/show_bug.cgi?id=2067709
https://bugzilla.redhat.com/show_bug.cgi?id=2076709
https://bugzilla.redhat.com/show_bug.cgi?id=2080926
https://bugzilla.redhat.com/show_bug.cgi?id=2082666
https://bugzilla.redhat.com/show_bug.cgi?id=2092506
https://bugzilla.redhat.com/show_bug.cgi?id=2094052
https://bugzilla.redhat.com/show_bug.cgi?id=2097027
https://bugzilla.redhat.com/show_bug.cgi?id=2097187
https://bugzilla.redhat.com/show_bug.cgi?id=2105075
https://bugzilla.redhat.com/show_bug.cgi?id=2105950
https://bugzilla.redhat.com/show_bug.cgi?id=2106421
https://bugzilla.redhat.com/show_bug.cgi?id=2108228
https://bugzilla.redhat.com/show_bug.cgi?id=2108489
https://bugzilla.redhat.com/show_bug.cgi?id=2109224
https://bugzilla.redhat.com/show_bug.cgi?id=2110290
https://bugzilla.redhat.com/show_bug.cgi?id=2111282
https://bugzilla.redhat.com/show_bug.cgi?id=2111364
https://bugzilla.redhat.com/show_bug.cgi?id=2111680
https://bugzilla.redhat.com/show_bug.cgi?id=2111751
https://bugzilla.redhat.com/show_bug.cgi?id=2112309
https://bugzilla.redhat.com/show_bug.cgi?id=2114835
https://bugzilla.redhat.com/show_bug.cgi?id=2120624
https://bugzilla.redhat.com/show_bug.cgi?id=2124441
https://bugzilla.redhat.com/show_bug.cgi?id=2127345
https://bugzilla.redhat.com/show_bug.cgi?id=2127926
https://bugzilla.redhat.com/show_bug.cgi?id=2129861
https://bugzilla.redhat.com/show_bug.cgi?id=2132554
https://bugzilla.redhat.com/show_bug.cgi?id=2133341
https://bugzilla.redhat.com/show_bug.cgi?id=2133549
https://bugzilla.redhat.com/show_bug.cgi?id=2133802
https://bugzilla.redhat.com/show_bug.cgi?id=2136031
https://bugzilla.redhat.com/show_bug.cgi?id=2136304
https://bugzilla.redhat.com/show_bug.cgi?id=2136336
https://bugzilla.redhat.com/show_bug.cgi?id=2137596
https://bugzilla.redhat.com/show_bug.cgi?id=2138793
https://bugzilla.redhat.com/show_bug.cgi?id=2138794
https://bugzilla.redhat.com/show_bug.cgi?id=2138933
https://bugzilla.redhat.com/show_bug.cgi?id=2139694
https://bugzilla.redhat.com/show_bug.cgi?id=2139769
https://bugzilla.redhat.com/show_bug.cgi?id=2140074
https://bugzilla.redhat.com/show_bug.cgi?id=2140784
https://bugzilla.redhat.com/show_bug.cgi?id=2141110
https://bugzilla.redhat.com/show_bug.cgi?id=2142167
https://bugzilla.redhat.com/show_bug.cgi?id=2142431
https://bugzilla.redhat.com/show_bug.cgi?id=2143285
https://bugzilla.redhat.com/show_bug.cgi?id=2145104
https://bugzilla.redhat.com/show_bug.cgi?id=2146544
https://bugzilla.redhat.com/show_bug.cgi?id=2146546
https://bugzilla.redhat.com/show_bug.cgi?id=2147346
https://bugzilla.redhat.com/show_bug.cgi?id=2147348
https://bugzilla.redhat.com/show_bug.cgi?id=2149259
https://bugzilla.redhat.com/show_bug.cgi?id=2149415
https://bugzilla.redhat.com/show_bug.cgi?id=2149533
https://bugzilla.redhat.com/show_bug.cgi?id=2151189
https://bugzilla.redhat.com/show_bug.cgi?id=2152963
https://bugzilla.redhat.com/show_bug.cgi?id=2153196
https://bugzilla.redhat.com/show_bug.cgi?id=2153452
https://bugzilla.redhat.com/show_bug.cgi?id=2153533
https://bugzilla.redhat.com/show_bug.cgi?id=2153673
https://bugzilla.redhat.com/show_bug.cgi?id=2153726
https://bugzilla.redhat.com/show_bug.cgi?id=2158689
https://bugzilla.redhat.com/show_bug.cgi?id=2159294
https://bugzilla.redhat.com/show_bug.cgi?id=2159307
https://bugzilla.redhat.com/show_bug.cgi?id=2160598
https://bugzilla.redhat.com/show_bug.cgi?id=2161479
https://bugzilla.redhat.com/show_bug.cgi?id=2161483
https://bugzilla.redhat.com/show_bug.cgi?id=2163473
https://bugzilla.redhat.com/show_bug.cgi?id=2164327
https://bugzilla.redhat.com/show_bug.cgi?id=2168541
https://bugzilla.redhat.com/show_bug.cgi?id=2172791
https://bugzilla.redhat.com/show_bug.cgi?id=2175307
https://bugzilla.redhat.com/show_bug.cgi?id=2180110
https://bugzilla.redhat.com/show_bug.cgi?id=2180567
https://bugzilla.redhat.com/show_bug.cgi?id=2181055
https://bugzilla.redhat.com/show_bug.cgi?id=2182022
https://bugzilla.redhat.com/show_bug.cgi?id=2182035
https://bugzilla.redhat.com/show_bug.cgi?id=2182564
https://bugzilla.redhat.com/show_bug.cgi?id=2182613
https://bugzilla.redhat.com/show_bug.cgi?id=2184268
https://bugzilla.redhat.com/show_bug.cgi?id=2185588
https://bugzilla.redhat.com/show_bug.cgi?id=2185772
https://bugzilla.redhat.com/show_bug.cgi?id=2186095
https://bugzilla.redhat.com/show_bug.cgi?id=2186126
https://bugzilla.redhat.com/show_bug.cgi?id=2186472
https://bugzilla.redhat.com/show_bug.cgi?id=2186557
https://bugzilla.redhat.com/show_bug.cgi?id=2186738
https://bugzilla.redhat.com/show_bug.cgi?id=2186760
https://bugzilla.redhat.com/show_bug.cgi?id=2186774
https://bugzilla.redhat.com/show_bug.cgi?id=2187265
https://bugzilla.redhat.com/show_bug.cgi?id=2187394
https://bugzilla.redhat.com/show_bug.cgi?id=2187617
https://bugzilla.redhat.com/show_bug.cgi?id=2187659
https://bugzilla.redhat.com/show_bug.cgi?id=2188266
https://bugzilla.redhat.com/show_bug.cgi?id=2188460
https://bugzilla.redhat.com/show_bug.cgi?id=2189308
https://bugzilla.redhat.com/show_bug.cgi?id=2190412
https://bugzilla.redhat.com/show_bug.cgi?id=2196421
https://bugzilla.redhat.com/show_bug.cgi?id=2196920
https://bugzilla.redhat.com/show_bug.cgi?id=2203098
https://bugzilla.redhat.com/show_bug.cgi?id=2203160
https://bugzilla.redhat.com/show_bug.cgi?id=2203747
https://bugzilla.redhat.com/show_bug.cgi?id=2204479
https://bugzilla.redhat.com/show_bug.cgi?id=2207702
https://bugzilla.redhat.com/show_bug.cgi?id=2207718
https://bugzilla.redhat.com/show_bug.cgi?id=2209109
https://bugzilla.redhat.com/show_bug.cgi?id=2209300
https://bugzilla.redhat.com/show_bug.cgi?id=2209375
https://bugzilla.redhat.com/show_bug.cgi?id=2209970
Plugin Details
Severity: Medium
ID: 177348
File Name: redhat-RHSA-2023-3623.nasl
Version: 1.3
Type: local
Agent: unix
Family: Red Hat Local Security Checks
Published: 6/15/2023
Updated: 11/7/2024
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.4
Vendor
Vendor Severity: Moderate
CVSS v2
Risk Factor: Low
Base Score: 3.5
Temporal Score: 2.7
Vector: CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS Score Source: CVE-2021-4231
CVSS v3
Risk Factor: Medium
Base Score: 5.4
Temporal Score: 4.9
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:redhat:enterprise_linux:ceph-mib, p-cpe:/a:redhat:enterprise_linux:python3-ceph-argparse, p-cpe:/a:redhat:enterprise_linux:librgw2, p-cpe:/a:redhat:enterprise_linux:libradospp-devel, p-cpe:/a:redhat:enterprise_linux:python3-ceph-common, p-cpe:/a:redhat:enterprise_linux:libradosstriper1, p-cpe:/a:redhat:enterprise_linux:librgw-devel, p-cpe:/a:redhat:enterprise_linux:cephadm, p-cpe:/a:redhat:enterprise_linux:librados-devel, p-cpe:/a:redhat:enterprise_linux:librbd-devel, cpe:/o:redhat:enterprise_linux:9, p-cpe:/a:redhat:enterprise_linux:python3-cephfs, p-cpe:/a:redhat:enterprise_linux:ceph-common, p-cpe:/a:redhat:enterprise_linux:ceph-resource-agents, p-cpe:/a:redhat:enterprise_linux:cephfs-top, p-cpe:/a:redhat:enterprise_linux:librados2, p-cpe:/a:redhat:enterprise_linux:libcephfs2, p-cpe:/a:redhat:enterprise_linux:ceph, p-cpe:/a:redhat:enterprise_linux:python3-rados, p-cpe:/a:redhat:enterprise_linux:rbd-nbd, p-cpe:/a:redhat:enterprise_linux:librbd1, p-cpe:/a:redhat:enterprise_linux:ceph-base, p-cpe:/a:redhat:enterprise_linux:ceph-fuse, p-cpe:/a:redhat:enterprise_linux:ceph-immutable-object-cache, p-cpe:/a:redhat:enterprise_linux:python3-rbd, p-cpe:/a:redhat:enterprise_linux:ceph-selinux, p-cpe:/a:redhat:enterprise_linux:python3-rgw, p-cpe:/a:redhat:enterprise_linux:libcephfs-devel
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 6/15/2023
Vulnerability Publication Date: 5/26/2022
Reference Information
CVE: CVE-2021-4231, CVE-2022-31129