RHCOS 4 : OpenShift Container Platform 4.10.62 (RHSA-2023:3625)

high Nessus Plugin ID 189419

Synopsis

The remote Red Hat CoreOS host is missing one or more security updates for OpenShift Container Platform 4.10.62.

Description

The remote Red Hat Enterprise Linux CoreOS 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3625 advisory.

- XStream serializes Java objects to XML and back again. Versions prior to 1.4.20 may allow a remote attacker to terminate the application with a stack overflow error, resulting in a denial of service only via manipulation the processed input stream. The attack uses the hash code implementation for collections and maps to force recursive hash calculation causing a stack overflow. This issue is patched in version 1.4.20 which handles the stack overflow and raises an InputManipulationException instead. A potential workaround for users who only use HashMap or HashSet and whose XML refers these only as default map or set, is to change the default implementation of java.util.Map and java.util per the code example in the referenced advisory. However, this implies that your application does not care about the implementation of the map and all elements are comparable. (CVE-2022-41966)

- Spring Framework running version 6.0.0 - 6.0.6 or 5.3.0 - 5.3.25 using ** as a pattern in Spring Security configuration with the mvcRequestMatcher creates a mismatch in pattern matching between Spring Security and Spring MVC, and the potential for a security bypass. (CVE-2023-20860)

- Jenkins Pipeline: Job Plugin does not escape the display name of the build that caused an earlier build to be aborted, resulting in a stored cross-site scripting (XSS) vulnerability exploitable by attackers able to set build display names immediately. (CVE-2023-32977)

- Jenkins Email Extension Plugin does not perform a permission check in a method implementing form validation, allowing attackers with Overall/Read permission to check for the existence of files in the email-templates/ directory in the Jenkins home directory on the controller file system. (CVE-2023-32979)

- A cross-site request forgery (CSRF) vulnerability in Jenkins Email Extension Plugin allows attackers to make another user stop watching an attacker-specified job. (CVE-2023-32980)

- An arbitrary file write vulnerability in Jenkins Pipeline Utility Steps Plugin 2.15.2 and earlier allows attackers able to provide crafted archives as parameters to create or replace arbitrary files on the agent file system with attacker-specified content. (CVE-2023-32981)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHCOS OpenShift Container Platform 4.10.62 package based on the guidance in RHSA-2023:3625.

See Also

https://access.redhat.com/security/cve/CVE-2022-41966

https://access.redhat.com/security/cve/CVE-2023-20860

https://access.redhat.com/security/cve/CVE-2023-32977

https://access.redhat.com/security/cve/CVE-2023-32979

https://access.redhat.com/security/cve/CVE-2023-32980

https://access.redhat.com/security/cve/CVE-2023-32981

https://access.redhat.com/errata/RHSA-2023:3625

Plugin Details

Severity: High

ID: 189419

File Name: rhcos-RHSA-2023-3625.nasl

Version: 1.0

Type: local

Agent: unix

Published: 1/24/2024

Updated: 1/24/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: High

Base Score: 9

Temporal Score: 7

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

CVSS Score Source: CVE-2023-32981

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:redhat:enterprise_linux:8:coreos, p-cpe:/a:redhat:enterprise_linux:jenkins-2-plugins, p-cpe:/a:redhat:enterprise_linux:jenkins

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 6/23/2023

Vulnerability Publication Date: 12/24/2022

Reference Information

CVE: CVE-2022-41966, CVE-2023-20860, CVE-2023-32977, CVE-2023-32979, CVE-2023-32980, CVE-2023-32981

CWE: 120, 121, 155, 266, 352, 502, 79

RHSA: 2023:3625