RHEL 9 : RHOSP 17.1.4 (openstack-tripleo-heat-templates) (RHSA-2024:9978)

medium Nessus Plugin ID 211791

Synopsis

The remote Red Hat host is missing a security update for RHOSP 17.1.4 (openstack-tripleo-heat-templates).

Description

The remote Red Hat Enterprise Linux 9 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:9978 advisory.

Heat templates for TripleO

Security Fix(es):

* cleartext passwords exposed in logs (CVE-2024-4840)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

Solution

Update the RHEL RHOSP 17.1.4 (openstack-tripleo-heat-templates) package based on the guidance in RHSA-2024:9978.

See Also

https://access.redhat.com/security/updates/classification/#moderate

https://bugzilla.redhat.com/show_bug.cgi?id=2235206

https://bugzilla.redhat.com/show_bug.cgi?id=2242069

https://bugzilla.redhat.com/show_bug.cgi?id=2243267

https://bugzilla.redhat.com/show_bug.cgi?id=2247302

https://bugzilla.redhat.com/show_bug.cgi?id=2249881

https://bugzilla.redhat.com/show_bug.cgi?id=2252442

https://bugzilla.redhat.com/show_bug.cgi?id=2255302

https://bugzilla.redhat.com/show_bug.cgi?id=2264238

https://bugzilla.redhat.com/show_bug.cgi?id=2269219

https://bugzilla.redhat.com/show_bug.cgi?id=2274355

https://bugzilla.redhat.com/show_bug.cgi?id=2275307

https://bugzilla.redhat.com/show_bug.cgi?id=2276136

https://bugzilla.redhat.com/show_bug.cgi?id=2276592

https://bugzilla.redhat.com/show_bug.cgi?id=2276865

https://bugzilla.redhat.com/show_bug.cgi?id=2278019

https://bugzilla.redhat.com/show_bug.cgi?id=2279464

https://bugzilla.redhat.com/show_bug.cgi?id=2279998

https://bugzilla.redhat.com/show_bug.cgi?id=2280249

https://bugzilla.redhat.com/show_bug.cgi?id=2284645

https://bugzilla.redhat.com/show_bug.cgi?id=2290685

https://bugzilla.redhat.com/show_bug.cgi?id=2293048

https://bugzilla.redhat.com/show_bug.cgi?id=2293735

https://bugzilla.redhat.com/show_bug.cgi?id=2295402

https://bugzilla.redhat.com/show_bug.cgi?id=2295757

https://bugzilla.redhat.com/show_bug.cgi?id=2295948

https://bugzilla.redhat.com/show_bug.cgi?id=2302191

https://bugzilla.redhat.com/show_bug.cgi?id=2303551

https://bugzilla.redhat.com/show_bug.cgi?id=2304312

https://bugzilla.redhat.com/show_bug.cgi?id=2305981

https://bugzilla.redhat.com/show_bug.cgi?id=2306489

https://bugzilla.redhat.com/show_bug.cgi?id=2307256

https://bugzilla.redhat.com/show_bug.cgi?id=2307307

https://bugzilla.redhat.com/show_bug.cgi?id=2310427

https://bugzilla.redhat.com/show_bug.cgi?id=2311465

https://bugzilla.redhat.com/show_bug.cgi?id=2313372

https://bugzilla.redhat.com/show_bug.cgi?id=2313502

https://bugzilla.redhat.com/show_bug.cgi?id=2314658

https://bugzilla.redhat.com/show_bug.cgi?id=2316083

https://bugzilla.redhat.com/show_bug.cgi?id=2320400

http://www.nessus.org/u?fd4eef45

https://access.redhat.com/errata/RHSA-2024:9978

Plugin Details

Severity: Medium

ID: 211791

File Name: redhat-RHSA-2024-9978.nasl

Version: 1.1

Type: local

Agent: unix

Published: 11/25/2024

Updated: 11/25/2024

Supported Sensors: Agentless Assessment, Continuous Assessment, Frictionless Assessment Agent, Frictionless Assessment AWS, Frictionless Assessment Azure, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 3.6

Vendor

Vendor Severity: Moderate

CVSS v2

Risk Factor: Medium

Base Score: 4.6

Temporal Score: 3.4

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:N/A:N

CVSS Score Source: CVE-2024-4840

CVSS v3

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:redhat:enterprise_linux:openstack-tripleo-heat-templates, cpe:/o:redhat:enterprise_linux:9

Required KB Items: Host/local_checks_enabled, Host/RedHat/release, Host/RedHat/rpm-list, Host/cpu

Exploit Ease: No known exploits are available

Patch Publication Date: 11/21/2024

Vulnerability Publication Date: 5/13/2024

Reference Information

CVE: CVE-2024-4840

CWE: 312

RHSA: 2024:9978