Synopsis
The remote Red Hat CoreOS host is missing one or more security updates for OpenShift Container Platform 4.10.62.
Description
The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3625 advisory.
- XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable. (CVE-2022-41966)
- Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using ** as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. (CVE-2023-20860)
- Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately. (CVE-2023-32977)
- Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system. (CVE-2023-32979)
- A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job. (CVE-2023-32980)
- An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content. (CVE-2023-32981)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.
Solution
Update the RHCOS OpenShift Container Platform 4.10.62 package based on the guidance in RHSA-2023:3625.
Plugin Details
File Name: rhcos-RHSA-2023-3625.nasl
Agent: unix
Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus
Risk Information
Vendor
Vendor Severity: Important
Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:redhat:enterprise_linux:8:coreos, p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins, p-cpe:/a:redhat:enterprise_linux:jenkins
Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu
Exploit Ease: Exploits are available
Patch Publication Date: 6/23/2023
Vulnerability Publication Date: 12/24/2022