RHEL 8 : Satellite 6.14 (RHSA-2023:6818)

critical Nessus Plugin ID 194436

Synopsis

The remote Red Hat host is missing one or more security updates for Satellite 6.14.

Description

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6818 advisory.

Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitoring of multiple Linux deployments with a single centralized tool.

Security Fix(es):

* golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487) (CVE-2023-39325)

* HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack) (CVE-2023-44487)

* GitPython: Insecure non-multi options in clone and clone_from is not blocked (CVE-2023-40267)

* kubeclient: kubeconfig parsing error can lead to MITM attacks (CVE-2022-0759)

* foreman: OS command injection via ct_command and fcct_command (CVE-2022-3874)

* ruby-git: code injection vulnerability (CVE-2022-46648)

* ruby-git: code injection vulnerability (CVE-2022-47318)

* Foreman: Arbitrary code execution through templates (CVE-2023-0118)

* rubygem-activerecord: SQL Injection (CVE-2023-22794)

* openssl: c_rehash script allows command injection (CVE-2022-1292)

* openssl: the c_rehash script allows command injection (CVE-2022-2068)

* Pulp:Tokens stored in plaintext (CVE-2022-3644)

* satellite: Blind SSRF via Referer header (CVE-2022-4130)

* python-future: remote attackers can cause denial of service via crafted Set-Cookie header from malicious web server (CVE-2022-40899)

* golang: net/http: excessive memory growth in a Go server accepting HTTP/2 requests (CVE-2022-41717)

* rubygem-activerecord: Denial of Service (CVE-2022-44566)

* rubygem-rack: denial of service in Content-Disposition parsing (CVE-2022-44570)

* rubygem-rack: denial of service in Content-Disposition parsing (CVE-2022-44571)

* rubygem-rack: denial of service in Content-Disposition parsing (CVE-2022-44572)

* Foreman: Stored cross-site scripting in host tab (CVE-2023-0119)

* puppet: Puppet Server ReDoS (CVE-2023-1894)

* rubygem-actionpack: Denial of Service in Action Dispatch (CVE-2023-22792)

* rubygem-actionpack: Denial of Service in Action Dispatch (CVE-2023-22795)

* rubygem-activesupport: Regular Expression Denial of Service (CVE-2023-22796)

* rubygem-globalid: ReDoS vulnerability (CVE-2023-22799)

* rubygem-rack: Denial of service in Multipart MIME parsing (CVE-2023-27530)

* rubygem-rack: denial of service in header parsing (CVE-2023-27539)

* golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)

* sqlparse: Parser contains a regular expression that is vulnerable to ReDOS (Regular Expression Denial of Service) (CVE-2023-30608)

* python-django: Potential bypass of validation when uploading multiple files using one form field (CVE-2023-31047)

* python-requests: Unintended leak of Proxy-Authorization header (CVE-2023-32681)

* python-django: Potential regular expression denial of service vulnerability in EmailValidator/URLValidator (CVE-2023-36053)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Additional Changes:

This update also fixes several bugs and adds various enhancements. Documentation for these changes is available from the Release Notes document linked to in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL Satellite 6.14 package based on the guidance in RHSA-2023:6818.

See Also

https://bugzilla.redhat.com/show_bug.cgi?id=1859112

https://bugzilla.redhat.com/show_bug.cgi?id=1872414

https://bugzilla.redhat.com/show_bug.cgi?id=1885552

https://bugzilla.redhat.com/show_bug.cgi?id=1904201

https://bugzilla.redhat.com/show_bug.cgi?id=1922972

https://bugzilla.redhat.com/show_bug.cgi?id=1925532

https://bugzilla.redhat.com/show_bug.cgi?id=1944710

https://bugzilla.redhat.com/show_bug.cgi?id=1947095

https://bugzilla.redhat.com/show_bug.cgi?id=1949960

https://bugzilla.redhat.com/show_bug.cgi?id=1950836

https://bugzilla.redhat.com/show_bug.cgi?id=1955046

https://bugzilla.redhat.com/show_bug.cgi?id=1967030

https://bugzilla.redhat.com/show_bug.cgi?id=1972308

https://bugzilla.redhat.com/show_bug.cgi?id=1980277

https://bugzilla.redhat.com/show_bug.cgi?id=1992283

https://bugzilla.redhat.com/show_bug.cgi?id=1995783

https://bugzilla.redhat.com/show_bug.cgi?id=2000215

https://bugzilla.redhat.com/show_bug.cgi?id=2002202

https://bugzilla.redhat.com/show_bug.cgi?id=2009069

https://bugzilla.redhat.com/show_bug.cgi?id=2013759

https://bugzilla.redhat.com/show_bug.cgi?id=2043089

https://bugzilla.redhat.com/show_bug.cgi?id=2044537

https://bugzilla.redhat.com/show_bug.cgi?id=2053421

https://bugzilla.redhat.com/show_bug.cgi?id=2055790

https://bugzilla.redhat.com/show_bug.cgi?id=2058404

https://bugzilla.redhat.com/show_bug.cgi?id=2060613

https://bugzilla.redhat.com/show_bug.cgi?id=2069324

https://bugzilla.redhat.com/show_bug.cgi?id=2069666

https://bugzilla.redhat.com/show_bug.cgi?id=2073535

https://bugzilla.redhat.com/show_bug.cgi?id=2077081

https://bugzilla.redhat.com/show_bug.cgi?id=2077633

https://bugzilla.redhat.com/show_bug.cgi?id=2080386

https://bugzilla.redhat.com/show_bug.cgi?id=2081494

https://bugzilla.redhat.com/show_bug.cgi?id=2081777

https://bugzilla.redhat.com/show_bug.cgi?id=2129432

https://bugzilla.redhat.com/show_bug.cgi?id=2130173

https://bugzilla.redhat.com/show_bug.cgi?id=2130871

https://bugzilla.redhat.com/show_bug.cgi?id=2131990

https://bugzilla.redhat.com/show_bug.cgi?id=2134436

https://bugzilla.redhat.com/show_bug.cgi?id=2135215

https://bugzilla.redhat.com/show_bug.cgi?id=2135498

https://bugzilla.redhat.com/show_bug.cgi?id=2135722

https://bugzilla.redhat.com/show_bug.cgi?id=2138172

https://bugzilla.redhat.com/show_bug.cgi?id=2140577

https://bugzilla.redhat.com/show_bug.cgi?id=2140636

https://bugzilla.redhat.com/show_bug.cgi?id=2143051

https://bugzilla.redhat.com/show_bug.cgi?id=2143290

https://bugzilla.redhat.com/show_bug.cgi?id=2145254

https://bugzilla.redhat.com/show_bug.cgi?id=2152951

https://bugzilla.redhat.com/show_bug.cgi?id=2154917

https://bugzilla.redhat.com/show_bug.cgi?id=2156522

https://bugzilla.redhat.com/show_bug.cgi?id=2158510

https://bugzilla.redhat.com/show_bug.cgi?id=2158526

https://bugzilla.redhat.com/show_bug.cgi?id=2158702

https://bugzilla.redhat.com/show_bug.cgi?id=2158780

https://bugzilla.redhat.com/show_bug.cgi?id=2159104

https://bugzilla.redhat.com/show_bug.cgi?id=2171180

https://bugzilla.redhat.com/show_bug.cgi?id=2172355

https://bugzilla.redhat.com/show_bug.cgi?id=2172564

https://bugzilla.redhat.com/show_bug.cgi?id=2173159

https://bugzilla.redhat.com/show_bug.cgi?id=2173199

https://bugzilla.redhat.com/show_bug.cgi?id=2173535

https://bugzilla.redhat.com/show_bug.cgi?id=2173671

https://bugzilla.redhat.com/show_bug.cgi?id=2173692

https://bugzilla.redhat.com/show_bug.cgi?id=2173757

http://www.nessus.org/u?0d5b3ed5

https://access.redhat.com/security/updates/classification/#important

https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

https://bugzilla.redhat.com/show_bug.cgi?id=1265120

https://bugzilla.redhat.com/show_bug.cgi?id=1726504

https://bugzilla.redhat.com/show_bug.cgi?id=1735722

https://bugzilla.redhat.com/show_bug.cgi?id=1813953

https://bugzilla.redhat.com/show_bug.cgi?id=2082001

https://bugzilla.redhat.com/show_bug.cgi?id=2088559

https://bugzilla.redhat.com/show_bug.cgi?id=2090620

https://bugzilla.redhat.com/show_bug.cgi?id=2094301

https://bugzilla.redhat.com/show_bug.cgi?id=2096942

https://bugzilla.redhat.com/show_bug.cgi?id=2097310

https://bugzilla.redhat.com/show_bug.cgi?id=2103424

https://bugzilla.redhat.com/show_bug.cgi?id=2105676

https://bugzilla.redhat.com/show_bug.cgi?id=2106473

https://bugzilla.redhat.com/show_bug.cgi?id=2116369

https://bugzilla.redhat.com/show_bug.cgi?id=2117760

https://bugzilla.redhat.com/show_bug.cgi?id=2122872

https://bugzilla.redhat.com/show_bug.cgi?id=2123306

https://bugzilla.redhat.com/show_bug.cgi?id=2124658

https://bugzilla.redhat.com/show_bug.cgi?id=2125366

https://bugzilla.redhat.com/show_bug.cgi?id=2127134

https://bugzilla.redhat.com/show_bug.cgi?id=2159105

https://bugzilla.redhat.com/show_bug.cgi?id=2159291

https://bugzilla.redhat.com/show_bug.cgi?id=2159672

https://bugzilla.redhat.com/show_bug.cgi?id=2159839

https://bugzilla.redhat.com/show_bug.cgi?id=2161209

https://bugzilla.redhat.com/show_bug.cgi?id=2161274

https://bugzilla.redhat.com/show_bug.cgi?id=2161993

https://bugzilla.redhat.com/show_bug.cgi?id=2164359

https://bugzilla.redhat.com/show_bug.cgi?id=2164400

https://bugzilla.redhat.com/show_bug.cgi?id=2164714

https://bugzilla.redhat.com/show_bug.cgi?id=2164719

https://bugzilla.redhat.com/show_bug.cgi?id=2164722

https://bugzilla.redhat.com/show_bug.cgi?id=2164730

https://bugzilla.redhat.com/show_bug.cgi?id=2164736

https://bugzilla.redhat.com/show_bug.cgi?id=2164785

https://bugzilla.redhat.com/show_bug.cgi?id=2164789

https://bugzilla.redhat.com/show_bug.cgi?id=2164799

https://bugzilla.redhat.com/show_bug.cgi?id=2164800

https://bugzilla.redhat.com/show_bug.cgi?id=2165107

https://bugzilla.redhat.com/show_bug.cgi?id=2165866

https://bugzilla.redhat.com/show_bug.cgi?id=2165906

https://bugzilla.redhat.com/show_bug.cgi?id=2166404

https://bugzilla.redhat.com/show_bug.cgi?id=2166435

https://bugzilla.redhat.com/show_bug.cgi?id=2166466

https://bugzilla.redhat.com/show_bug.cgi?id=2166640

https://bugzilla.redhat.com/show_bug.cgi?id=2167097

https://bugzilla.redhat.com/show_bug.cgi?id=2167146

https://bugzilla.redhat.com/show_bug.cgi?id=2167371

https://bugzilla.redhat.com/show_bug.cgi?id=2167396

https://bugzilla.redhat.com/show_bug.cgi?id=2168414

https://bugzilla.redhat.com/show_bug.cgi?id=2169322

https://bugzilla.redhat.com/show_bug.cgi?id=2169385

https://bugzilla.redhat.com/show_bug.cgi?id=2169682

https://bugzilla.redhat.com/show_bug.cgi?id=2169847

https://bugzilla.redhat.com/show_bug.cgi?id=2170125

https://bugzilla.redhat.com/show_bug.cgi?id=2170127

https://bugzilla.redhat.com/show_bug.cgi?id=2170485

https://bugzilla.redhat.com/show_bug.cgi?id=2170535

https://bugzilla.redhat.com/show_bug.cgi?id=2170917

https://bugzilla.redhat.com/show_bug.cgi?id=2174367

https://bugzilla.redhat.com/show_bug.cgi?id=2174912

https://bugzilla.redhat.com/show_bug.cgi?id=2176214

https://bugzilla.redhat.com/show_bug.cgi?id=2176368

https://bugzilla.redhat.com/show_bug.cgi?id=2176477

https://bugzilla.redhat.com/show_bug.cgi?id=2176870

https://bugzilla.redhat.com/show_bug.cgi?id=2178133

https://bugzilla.redhat.com/show_bug.cgi?id=2178176

https://bugzilla.redhat.com/show_bug.cgi?id=2178307

https://bugzilla.redhat.com/show_bug.cgi?id=2178645

https://bugzilla.redhat.com/show_bug.cgi?id=2178734

https://bugzilla.redhat.com/show_bug.cgi?id=2178775

https://bugzilla.redhat.com/show_bug.cgi?id=2179574

https://bugzilla.redhat.com/show_bug.cgi?id=2213486

https://bugzilla.redhat.com/show_bug.cgi?id=2213515

https://bugzilla.redhat.com/show_bug.cgi?id=2213579

https://bugzilla.redhat.com/show_bug.cgi?id=2214578

https://bugzilla.redhat.com/show_bug.cgi?id=2215081

https://bugzilla.redhat.com/show_bug.cgi?id=2215093

https://bugzilla.redhat.com/show_bug.cgi?id=2215238

https://bugzilla.redhat.com/show_bug.cgi?id=2215294

https://bugzilla.redhat.com/show_bug.cgi?id=2215426

https://bugzilla.redhat.com/show_bug.cgi?id=2215954

https://bugzilla.redhat.com/show_bug.cgi?id=2215986

https://bugzilla.redhat.com/show_bug.cgi?id=2216194

https://bugzilla.redhat.com/show_bug.cgi?id=2216461

https://bugzilla.redhat.com/show_bug.cgi?id=2216564

https://bugzilla.redhat.com/show_bug.cgi?id=2216757

https://bugzilla.redhat.com/show_bug.cgi?id=2216907

https://bugzilla.redhat.com/show_bug.cgi?id=2217942

https://bugzilla.redhat.com/show_bug.cgi?id=2218004

https://bugzilla.redhat.com/show_bug.cgi?id=2179649

https://bugzilla.redhat.com/show_bug.cgi?id=2179721

https://bugzilla.redhat.com/show_bug.cgi?id=2179725

https://bugzilla.redhat.com/show_bug.cgi?id=2180490

https://bugzilla.redhat.com/show_bug.cgi?id=2180760

https://bugzilla.redhat.com/show_bug.cgi?id=2180865

https://bugzilla.redhat.com/show_bug.cgi?id=2180954

https://bugzilla.redhat.com/show_bug.cgi?id=2181226

https://bugzilla.redhat.com/show_bug.cgi?id=2181254

https://bugzilla.redhat.com/show_bug.cgi?id=2181602

https://bugzilla.redhat.com/show_bug.cgi?id=2182353

https://bugzilla.redhat.com/show_bug.cgi?id=2183172

https://bugzilla.redhat.com/show_bug.cgi?id=2183357

https://bugzilla.redhat.com/show_bug.cgi?id=2184278

https://bugzilla.redhat.com/show_bug.cgi?id=2186713

https://bugzilla.redhat.com/show_bug.cgi?id=2186765

https://bugzilla.redhat.com/show_bug.cgi?id=2187599

https://bugzilla.redhat.com/show_bug.cgi?id=2187613

https://bugzilla.redhat.com/show_bug.cgi?id=2187903

https://bugzilla.redhat.com/show_bug.cgi?id=2187967

https://bugzilla.redhat.com/show_bug.cgi?id=2188504

https://bugzilla.redhat.com/show_bug.cgi?id=2188721

https://bugzilla.redhat.com/show_bug.cgi?id=2192565

https://bugzilla.redhat.com/show_bug.cgi?id=2192583

https://bugzilla.redhat.com/show_bug.cgi?id=2192841

https://bugzilla.redhat.com/show_bug.cgi?id=2193088

https://bugzilla.redhat.com/show_bug.cgi?id=2193451

https://bugzilla.redhat.com/show_bug.cgi?id=2196076

https://bugzilla.redhat.com/show_bug.cgi?id=2196085

https://bugzilla.redhat.com/show_bug.cgi?id=2196436

https://bugzilla.redhat.com/show_bug.cgi?id=2196540

https://bugzilla.redhat.com/show_bug.cgi?id=2196775

https://bugzilla.redhat.com/show_bug.cgi?id=2203093

https://bugzilla.redhat.com/show_bug.cgi?id=2203183

https://bugzilla.redhat.com/show_bug.cgi?id=2207782

https://bugzilla.redhat.com/show_bug.cgi?id=2208161

https://bugzilla.redhat.com/show_bug.cgi?id=2208535

https://bugzilla.redhat.com/show_bug.cgi?id=2209037

https://bugzilla.redhat.com/show_bug.cgi?id=2209469

https://bugzilla.redhat.com/show_bug.cgi?id=2209938

https://bugzilla.redhat.com/show_bug.cgi?id=2210284

https://bugzilla.redhat.com/show_bug.cgi?id=2210297

https://bugzilla.redhat.com/show_bug.cgi?id=2211210

https://bugzilla.redhat.com/show_bug.cgi?id=2211394

https://bugzilla.redhat.com/show_bug.cgi?id=2211437

https://bugzilla.redhat.com/show_bug.cgi?id=2211484

https://bugzilla.redhat.com/show_bug.cgi?id=2211502

https://bugzilla.redhat.com/show_bug.cgi?id=2211711

https://bugzilla.redhat.com/show_bug.cgi?id=2211966

https://bugzilla.redhat.com/show_bug.cgi?id=2212148

https://bugzilla.redhat.com/show_bug.cgi?id=2212523

https://bugzilla.redhat.com/show_bug.cgi?id=2212630

https://bugzilla.redhat.com/show_bug.cgi?id=2212740

https://bugzilla.redhat.com/show_bug.cgi?id=2212756

https://bugzilla.redhat.com/show_bug.cgi?id=2212812

https://bugzilla.redhat.com/show_bug.cgi?id=2212996

https://bugzilla.redhat.com/show_bug.cgi?id=2213088

https://bugzilla.redhat.com/show_bug.cgi?id=2213128

https://bugzilla.redhat.com/show_bug.cgi?id=2213190

https://bugzilla.redhat.com/show_bug.cgi?id=2213246

https://bugzilla.redhat.com/show_bug.cgi?id=2213281

https://bugzilla.redhat.com/show_bug.cgi?id=2213582

https://bugzilla.redhat.com/show_bug.cgi?id=2213768

https://bugzilla.redhat.com/show_bug.cgi?id=2213777

https://bugzilla.redhat.com/show_bug.cgi?id=2213804

https://bugzilla.redhat.com/show_bug.cgi?id=2214261

https://bugzilla.redhat.com/show_bug.cgi?id=2214272

https://bugzilla.redhat.com/show_bug.cgi?id=2214274

https://bugzilla.redhat.com/show_bug.cgi?id=2214290

https://bugzilla.redhat.com/show_bug.cgi?id=2220965

https://bugzilla.redhat.com/show_bug.cgi?id=2220969

https://bugzilla.redhat.com/show_bug.cgi?id=2220978

https://bugzilla.redhat.com/show_bug.cgi?id=2221291

https://bugzilla.redhat.com/show_bug.cgi?id=2221407

https://bugzilla.redhat.com/show_bug.cgi?id=2221621

https://bugzilla.redhat.com/show_bug.cgi?id=2221983

https://bugzilla.redhat.com/show_bug.cgi?id=2222167

https://bugzilla.redhat.com/show_bug.cgi?id=2222444

https://bugzilla.redhat.com/show_bug.cgi?id=2222446

https://bugzilla.redhat.com/show_bug.cgi?id=2222447

https://bugzilla.redhat.com/show_bug.cgi?id=2222705

https://bugzilla.redhat.com/show_bug.cgi?id=2222839

https://bugzilla.redhat.com/show_bug.cgi?id=2222890

https://bugzilla.redhat.com/show_bug.cgi?id=2222907

https://bugzilla.redhat.com/show_bug.cgi?id=2222979

https://bugzilla.redhat.com/show_bug.cgi?id=2223048

https://bugzilla.redhat.com/show_bug.cgi?id=2218307

https://bugzilla.redhat.com/show_bug.cgi?id=2218625

https://bugzilla.redhat.com/show_bug.cgi?id=2218878

https://bugzilla.redhat.com/show_bug.cgi?id=2218930

https://bugzilla.redhat.com/show_bug.cgi?id=2218932

https://bugzilla.redhat.com/show_bug.cgi?id=2219648

https://access.redhat.com/errata/RHSA-2023:6818

https://bugzilla.redhat.com/show_bug.cgi?id=2223050

https://bugzilla.redhat.com/show_bug.cgi?id=2223618

https://bugzilla.redhat.com/show_bug.cgi?id=2223707

https://bugzilla.redhat.com/show_bug.cgi?id=2223891

https://bugzilla.redhat.com/show_bug.cgi?id=2223996

https://bugzilla.redhat.com/show_bug.cgi?id=2224031

https://bugzilla.redhat.com/show_bug.cgi?id=2224113

https://bugzilla.redhat.com/show_bug.cgi?id=2224334

https://bugzilla.redhat.com/show_bug.cgi?id=2224494

https://bugzilla.redhat.com/show_bug.cgi?id=2224498

https://bugzilla.redhat.com/show_bug.cgi?id=2225090

https://bugzilla.redhat.com/show_bug.cgi?id=2225141

https://bugzilla.redhat.com/show_bug.cgi?id=2225333

https://bugzilla.redhat.com/show_bug.cgi?id=2225383

https://bugzilla.redhat.com/show_bug.cgi?id=2225402

https://bugzilla.redhat.com/show_bug.cgi?id=2225406

https://bugzilla.redhat.com/show_bug.cgi?id=2225409

https://bugzilla.redhat.com/show_bug.cgi?id=2226950

https://bugzilla.redhat.com/show_bug.cgi?id=2227028

https://bugzilla.redhat.com/show_bug.cgi?id=2227093

https://bugzilla.redhat.com/show_bug.cgi?id=2227271

https://bugzilla.redhat.com/show_bug.cgi?id=2227338

https://bugzilla.redhat.com/show_bug.cgi?id=2228287

https://bugzilla.redhat.com/show_bug.cgi?id=2229788

https://bugzilla.redhat.com/show_bug.cgi?id=2229897

https://bugzilla.redhat.com/show_bug.cgi?id=2230584

https://bugzilla.redhat.com/show_bug.cgi?id=2230934

https://bugzilla.redhat.com/show_bug.cgi?id=2231363

https://bugzilla.redhat.com/show_bug.cgi?id=2231474

https://bugzilla.redhat.com/show_bug.cgi?id=2232370

https://bugzilla.redhat.com/show_bug.cgi?id=2232775

https://bugzilla.redhat.com/show_bug.cgi?id=2234444

https://bugzilla.redhat.com/show_bug.cgi?id=2235231

https://bugzilla.redhat.com/show_bug.cgi?id=2236685

https://bugzilla.redhat.com/show_bug.cgi?id=2239115

https://bugzilla.redhat.com/show_bug.cgi?id=2242803

https://bugzilla.redhat.com/show_bug.cgi?id=2243296

https://bugzilla.redhat.com/show_bug.cgi?id=2245056

https://bugzilla.redhat.com/show_bug.cgi?id=2245930

Plugin Details

Severity: Critical

ID: 194436

File Name: redhat-RHSA-2023-6818.nasl

Version: 1.3

Type: local

Agent: unix

Published: 4/29/2024

Updated: 11/7/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

Vendor

Vendor Severity: Important

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS Score Source: CVE-2022-2068

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2023-40267

CVSS v4

Risk Factor: Critical

Base Score: 9.3

Threat Score: 9.3

Threat Vector: CVSS:4.0/E:A

Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

CVSS Score Source: CVE-2023-44487

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:yggdrasil-worker-forwarder, p-cpe:/a:redhat:enterprise_linux:foreman-service, p-cpe:/a:redhat:enterprise_linux:python-gitpython, p-cpe:/a:redhat:enterprise_linux:foreman-vmware, p-cpe:/a:redhat:enterprise_linux:foreman, p-cpe:/a:redhat:enterprise_linux:foreman-telemetry, p-cpe:/a:redhat:enterprise_linux:python-future, p-cpe:/a:redhat:enterprise_linux:python39-django, p-cpe:/a:redhat:enterprise_linux:foreman-postgresql, p-cpe:/a:redhat:enterprise_linux:foreman-dynflow-sidekiq, p-cpe:/a:redhat:enterprise_linux:python39-future, p-cpe:/a:redhat:enterprise_linux:rubygem-git, p-cpe:/a:redhat:enterprise_linux:foreman-ec2, p-cpe:/a:redhat:enterprise_linux:rubygem-activesupport, p-cpe:/a:redhat:enterprise_linux:rubygem-activerecord, p-cpe:/a:redhat:enterprise_linux:foreman-openstack, p-cpe:/a:redhat:enterprise_linux:foreman-cli, p-cpe:/a:redhat:enterprise_linux:puppet-agent, p-cpe:/a:redhat:enterprise_linux:python-requests, p-cpe:/a:redhat:enterprise_linux:python39-gitpython, p-cpe:/a:redhat:enterprise_linux:rubygem-actionpack, cpe:/o:redhat:enterprise_linux:8, p-cpe:/a:redhat:enterprise_linux:python-sqlparse, p-cpe:/a:redhat:enterprise_linux:rubygem-kubeclient, p-cpe:/a:redhat:enterprise_linux:python-pulp-ansible, p-cpe:/a:redhat:enterprise_linux:python39-pulp-ansible, p-cpe:/a:redhat:enterprise_linux:foreman-journald, p-cpe:/a:redhat:enterprise_linux:foreman-redis, p-cpe:/a:redhat:enterprise_linux:foreman-ovirt, p-cpe:/a:redhat:enterprise_linux:puppetserver, p-cpe:/a:redhat:enterprise_linux:python39-requests, p-cpe:/a:redhat:enterprise_linux:python39-sqlparse, p-cpe:/a:redhat:enterprise_linux:python-django, p-cpe:/a:redhat:enterprise_linux:foreman-libvirt, p-cpe:/a:redhat:enterprise_linux:rubygem-globalid, p-cpe:/a:redhat:enterprise_linux:foreman-debug, p-cpe:/a:redhat:enterprise_linux:rubygem-rack

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 11/8/2023

Vulnerability Publication Date: 3/25/2022

CISA Known Exploited Vulnerability Due Dates: 10/31/2023

Reference Information

CVE: CVE-2022-0759, CVE-2022-1292, CVE-2022-2068, CVE-2022-3644, CVE-2022-3874, CVE-2022-40899, CVE-2022-4130, CVE-2022-41717, CVE-2022-44566, CVE-2022-44570, CVE-2022-44571, CVE-2022-44572, CVE-2022-46648, CVE-2022-47318, CVE-2023-0118, CVE-2023-0119, CVE-2023-1894, CVE-2023-22792, CVE-2023-22794, CVE-2023-22795, CVE-2023-22796, CVE-2023-22799, CVE-2023-27530, CVE-2023-27539, CVE-2023-29406, CVE-2023-30608, CVE-2023-31047, CVE-2023-32681, CVE-2023-36053, CVE-2023-39325, CVE-2023-40267, CVE-2023-44487

CWE: 113, 1333, 20, 256, 295, 400, 402, 77, 770, 78, 79, 89, 918, 94

RHSA: 2023:6818