RHEL 7 : CloudForms 4.6.3 update (Moderate) (RHSA-2018:2184)

medium Nessus Plugin ID 194026

Synopsis

The remote Red Hat host is missing a security update.

Description

The remote Red Hat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2018:2184 advisory.

Red Hat CloudForms Management Engine delivers the insight, control, and automation needed to address the challenges of managing virtual environments. CloudForms Management Engine is built on Ruby on Rails, a model-view-controller (MVC) framework for web application development. Action Pack implements the controller and the view components.

Security fix(es):

* ansible: Failed tasks do not honour no_log option allowing for secrets to be disclosed in logs (CVE-2018-10855)

Red Hat would like to thank Tobias Henkel (BMW Car IT GmbH) for reporting these issues.

For more details about the security issue(s), including the impact, a CVSS score, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update fixes various bugs and adds enhancements. Documentation for these changes is available from the Release Notes document.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=1578996

https://bugzilla.redhat.com/show_bug.cgi?id=1580520

https://bugzilla.redhat.com/show_bug.cgi?id=1580535

https://bugzilla.redhat.com/show_bug.cgi?id=1581287

https://bugzilla.redhat.com/show_bug.cgi?id=1581307

https://bugzilla.redhat.com/show_bug.cgi?id=1581386

https://bugzilla.redhat.com/show_bug.cgi?id=1583704

https://bugzilla.redhat.com/show_bug.cgi?id=1583710

https://bugzilla.redhat.com/show_bug.cgi?id=1583777

https://bugzilla.redhat.com/show_bug.cgi?id=1583779

https://bugzilla.redhat.com/show_bug.cgi?id=1583784

https://bugzilla.redhat.com/show_bug.cgi?id=1583786

https://bugzilla.redhat.com/show_bug.cgi?id=1583788

https://bugzilla.redhat.com/show_bug.cgi?id=1583851

https://bugzilla.redhat.com/show_bug.cgi?id=1584186

https://bugzilla.redhat.com/show_bug.cgi?id=1592852

https://bugzilla.redhat.com/show_bug.cgi?id=1592913

https://bugzilla.redhat.com/show_bug.cgi?id=1592973

https://bugzilla.redhat.com/show_bug.cgi?id=1593677

https://bugzilla.redhat.com/show_bug.cgi?id=1593684

https://bugzilla.redhat.com/show_bug.cgi?id=1593797

https://bugzilla.redhat.com/show_bug.cgi?id=1594027

https://bugzilla.redhat.com/show_bug.cgi?id=1594268

https://bugzilla.redhat.com/show_bug.cgi?id=1594275

https://bugzilla.redhat.com/show_bug.cgi?id=1594324

https://bugzilla.redhat.com/show_bug.cgi?id=1594386

https://bugzilla.redhat.com/show_bug.cgi?id=1594831

https://bugzilla.redhat.com/show_bug.cgi?id=1594833

https://bugzilla.redhat.com/show_bug.cgi?id=1594839

https://bugzilla.redhat.com/show_bug.cgi?id=1595324

https://bugzilla.redhat.com/show_bug.cgi?id=1595418

https://bugzilla.redhat.com/show_bug.cgi?id=1595734

https://bugzilla.redhat.com/show_bug.cgi?id=1596248

https://bugzilla.redhat.com/show_bug.cgi?id=1596249

https://bugzilla.redhat.com/show_bug.cgi?id=1596314

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=1536677

https://bugzilla.redhat.com/show_bug.cgi?id=1553227

https://bugzilla.redhat.com/show_bug.cgi?id=1553383

https://bugzilla.redhat.com/show_bug.cgi?id=1553795

https://bugzilla.redhat.com/show_bug.cgi?id=1563745

https://bugzilla.redhat.com/show_bug.cgi?id=1565845

https://bugzilla.redhat.com/show_bug.cgi?id=1565925

https://bugzilla.redhat.com/show_bug.cgi?id=1566570

https://bugzilla.redhat.com/show_bug.cgi?id=1569170

https://bugzilla.redhat.com/show_bug.cgi?id=1571303

https://bugzilla.redhat.com/show_bug.cgi?id=1572760

https://bugzilla.redhat.com/show_bug.cgi?id=1574154

https://bugzilla.redhat.com/show_bug.cgi?id=1574569

https://bugzilla.redhat.com/show_bug.cgi?id=1575713

https://bugzilla.redhat.com/show_bug.cgi?id=1576099

https://bugzilla.redhat.com/show_bug.cgi?id=1577247

https://bugzilla.redhat.com/show_bug.cgi?id=1578121

https://bugzilla.redhat.com/show_bug.cgi?id=1578124

https://bugzilla.redhat.com/show_bug.cgi?id=1578125

https://bugzilla.redhat.com/show_bug.cgi?id=1578126

https://bugzilla.redhat.com/show_bug.cgi?id=1578388

https://bugzilla.redhat.com/show_bug.cgi?id=1578393

https://bugzilla.redhat.com/show_bug.cgi?id=1578394

https://bugzilla.redhat.com/show_bug.cgi?id=1578398

https://bugzilla.redhat.com/show_bug.cgi?id=1578400

https://bugzilla.redhat.com/show_bug.cgi?id=1578856

https://bugzilla.redhat.com/show_bug.cgi?id=1578865

https://bugzilla.redhat.com/show_bug.cgi?id=1578954

https://bugzilla.redhat.com/show_bug.cgi?id=1578957

https://bugzilla.redhat.com/show_bug.cgi?id=1578964

https://bugzilla.redhat.com/show_bug.cgi?id=1578972

https://bugzilla.redhat.com/show_bug.cgi?id=1578976

https://bugzilla.redhat.com/show_bug.cgi?id=1578986

https://bugzilla.redhat.com/show_bug.cgi?id=1578990

https://bugzilla.redhat.com/show_bug.cgi?id=1584296

https://bugzilla.redhat.com/show_bug.cgi?id=1584406

https://bugzilla.redhat.com/show_bug.cgi?id=1584687

https://bugzilla.redhat.com/show_bug.cgi?id=1584699

https://bugzilla.redhat.com/show_bug.cgi?id=1585709

https://bugzilla.redhat.com/show_bug.cgi?id=1585745

https://bugzilla.redhat.com/show_bug.cgi?id=1585821

https://bugzilla.redhat.com/show_bug.cgi?id=1586213

https://bugzilla.redhat.com/show_bug.cgi?id=1588038

https://bugzilla.redhat.com/show_bug.cgi?id=1588042

https://bugzilla.redhat.com/show_bug.cgi?id=1588855

https://bugzilla.redhat.com/show_bug.cgi?id=1589837

https://bugzilla.redhat.com/show_bug.cgi?id=1590346

https://bugzilla.redhat.com/show_bug.cgi?id=1590353

https://bugzilla.redhat.com/show_bug.cgi?id=1590426

https://bugzilla.redhat.com/show_bug.cgi?id=1590430

https://bugzilla.redhat.com/show_bug.cgi?id=1590846

https://bugzilla.redhat.com/show_bug.cgi?id=1591422

https://bugzilla.redhat.com/show_bug.cgi?id=1591423

https://bugzilla.redhat.com/show_bug.cgi?id=1591425

https://bugzilla.redhat.com/show_bug.cgi?id=1591427

https://bugzilla.redhat.com/show_bug.cgi?id=1591429

https://bugzilla.redhat.com/show_bug.cgi?id=1591450

https://bugzilla.redhat.com/show_bug.cgi?id=1591484

https://bugzilla.redhat.com/show_bug.cgi?id=1591939

https://bugzilla.redhat.com/show_bug.cgi?id=1592414

https://bugzilla.redhat.com/show_bug.cgi?id=1592504

http://www.nessus.org/u?707ece6e

https://access.redhat.com/errata/RHSA-2018:2184

Plugin Details

Severity: Medium

ID: 194026

File Name: redhat-RHSA-2018-2184.nasl

Version: 1.1

Type: local

Agent: unix

Published: 4/27/2024

Updated: 6/3/2024

Supported Sensors: Frictionless Assessment AWS, Frictionless Assessment Azure, Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 3.2

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSS Score Source: CVE-2018-10855

CVSS v3

Risk Factor: Medium

Base Score: 5.9

Temporal Score: 5.2

Vector: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:cfme, p-cpe:/a:redhat:enterprise_linux:ansible-tower-server, p-cpe:/a:redhat:enterprise_linux:cfme-amazon-smartstate, p-cpe:/a:redhat:enterprise_linux:ansible-tower-venv-ansible, p-cpe:/a:redhat:enterprise_linux:ansible, p-cpe:/a:redhat:enterprise_linux:cfme-appliance-common, cpe:/o:redhat:enterprise_linux:7, p-cpe:/a:redhat:enterprise_linux:httpd-configmap-generator, p-cpe:/a:redhat:enterprise_linux:cfme-appliance, p-cpe:/a:redhat:enterprise_linux:cfme-gemset, p-cpe:/a:redhat:enterprise_linux:ansible-doc, p-cpe:/a:redhat:enterprise_linux:ansible-tower, p-cpe:/a:redhat:enterprise_linux:ansible-tower-setup, p-cpe:/a:redhat:enterprise_linux:ansible-tower-ui, p-cpe:/a:redhat:enterprise_linux:ansible-tower-venv-tower, p-cpe:/a:redhat:enterprise_linux:cfme-appliance-tools

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 7/12/2018

Vulnerability Publication Date: 6/16/2018

Reference Information

CVE: CVE-2018-10855

CWE: 532

RHSA: 2018:2184