It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-338 advisory.

  - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient     to cause a denial of service from a small number of small requests. (CVE-2022-41723)

  - The HTTP/1 client does not fully validate the contents of the Host header. A maliciously crafted Host     header can inject additional headers or entire requests. With fix, the HTTP/1 client now refuses to send     requests containing an invalid Request.Host or Request.URL.Host value. (CVE-2023-29406)

  - Extremely large RSA keys in certificate chains can cause a client/server to expend significant CPU time     verifying signatures. With fix, the size of RSA keys transmitted during handshakes is restricted to <=     8192 bits. Based on a survey of publicly trusted RSA keys, there are currently only three certificates in     circulation with keys larger than this, and all three appear to be test certificates that are not actively     deployed. It is possible there are larger keys in use in private PKIs, but we target the web PKI, so     causing breakage here in the interests of increasing the default safety of users of crypto/tls seems     reasonable. (CVE-2023-29409)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2023:7058 advisory.

    rhc is a client tool and daemon that connects the system to Red Hat hosted services enabling system and     subscription management.

    Security Fix(es):

    * net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:0948 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing     Kubernetes application platform solution designed for on-premise or private     cloud deployments.
    Security Fix(es):

    * net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK     decoding (CVE-2022-41723)

    For more details about the security issue(s), including the impact, a CVSS     score, acknowledgments, and other related information, refer to the CVE     page(s)     listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 40 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-654e0ddfd8 advisory.

    Automatic update for golang-github-prometheus-node-exporter-1.6.1-1.fc40.

    ##### **Changelog**

    ```
    * Thu Nov  9 2023 Mikel Olasagasti Uranga <mikel@olasagasti.info> - 1.6.1-1
    - Update to 1.6.1 - Closes rhbz#2210487 rhbz#2178447 rhbz#2163209

    ```

Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0869-1 advisory.

  - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient     to cause a denial of service from a small number of small requests. (CVE-2022-41723)

  - Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS     handshake records which cause servers and clients, respectively, to panic when attempting to construct     responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption     (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client     certificates (by setting Config.ClientAuth >= RequestClientCert). (CVE-2022-41724)

  - A denial of service is possible from excessive resource consumption in net/http and mime/multipart.
    Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory     and disk files. This also affects form parsing in the net/http package with the Request methods FormFile,     FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented     as storing up to maxMemory bytes +10MB (reserved for non-file parts) in memory. File parts which cannot     be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file     parts is excessively large and can potentially open a denial of service vector on its own. However,     ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead,     part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In     addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small     request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts     for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory     bytes of memory consumption. Users should still be aware that this limit is high and may still be     hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form     parts into a single temporary file. The mime/multipart.File interface type's documentation states, If     stored on disk, the File's underlying concrete type will be an *os.File.. This is no longer the case when     a form contains more than one file part, due to this coalescing of parts into a single file. The previous     behavior of using distinct files for each form part may be reenabled with the environment variable     GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request     methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the     size of form data with http.MaxBytesReader. (CVE-2022-41725)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLES15 / SLES_SAP15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0871-1 advisory.

  - On Windows, restricted files can be accessed via os.DirFS and http.Dir. The os.DirFS function and http.Dir     type provide access to a tree of files rooted at a given directory. These functions permit access to     Windows device files under that root. For example, os.DirFS(C:/tmp).Open(COM1) opens the COM1 device.
    Both os.DirFS and http.Dir only provide read-only filesystem access. In addition, on Windows, an os.DirFS     for the directory (the root of the current drive) can permit a maliciously crafted path to escape from the     drive and access any path on the system. With fix applied, the behavior of os.DirFS() has changed.
    Previously, an empty root was treated equivalently to /, so os.DirFS().Open(tmp) would open the path     /tmp. This now returns an error. (CVE-2022-41720)

  - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient     to cause a denial of service from a small number of small requests. (CVE-2022-41723)

  - Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS     handshake records which cause servers and clients, respectively, to panic when attempting to construct     responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption     (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client     certificates (by setting Config.ClientAuth >= RequestClientCert). (CVE-2022-41724)

  - A denial of service is possible from excessive resource consumption in net/http and mime/multipart.
    Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory     and disk files. This also affects form parsing in the net/http package with the Request methods FormFile,     FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented     as storing up to maxMemory bytes +10MB (reserved for non-file parts) in memory. File parts which cannot     be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file     parts is excessively large and can potentially open a denial of service vector on its own. However,     ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead,     part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In     addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small     request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts     for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory     bytes of memory consumption. Users should still be aware that this limit is high and may still be     hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form     parts into a single temporary file. The mime/multipart.File interface type's documentation states, If     stored on disk, the File's underlying concrete type will be an *os.File.. This is no longer the case when     a form contains more than one file part, due to this coalescing of parts into a single file. The previous     behavior of using distinct files for each form part may be reenabled with the environment variable     GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request     methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the     size of form data with http.MaxBytesReader. (CVE-2022-41725)

  - The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with     some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages     of crypto/ecdsa or crypto/ecdh. (CVE-2023-24532)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Fedora 36 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-abb47e24d8 advisory.

    Rebuild for CVE-20220-{3064,41717,41723}


Tenable has extracted the preceding description block directly from the Fedora security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:3612 advisory.

    Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution     designed for on-premise or private cloud deployments.

    This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.4. See the following     advisory for the container images for this release:

    https://access.redhat.com/errata/RHSA-2023:3614

    Security Fix(es):

    * golang: html/template: improper handling of JavaScript whitespace     (CVE-2023-24540)

    * golang: net/http: excessive memory growth in a Go server accepting HTTP/2     requests (CVE-2022-41717)

    * golang: crypto/tls: large handshake records may cause panics     (CVE-2022-41724)

    * golang: net/http, mime/multipart: denial of service from excessive     resource consumption (CVE-2022-41725)

    * golang: net/http, net/textproto: denial of service from excessive memory     allocation (CVE-2023-24534)

    * golang: net/http, net/textproto, mime/multipart: denial of service from     excessive resource consumption (CVE-2023-24536)

    * golang: go/parser: Infinite loop in parsing (CVE-2023-24537)

    * golang: html/template: backticks not treated as string delimiters     (CVE-2023-24538)

    * runc: volume mount race condition (regression of CVE 2019-19921)     (CVE-2023-27561)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    All OpenShift Container Platform 4.13 users are advised to upgrade to these updated packages and images     when they are available in the appropriate release channel. To check for available updates, use the     OpenShift CLI (oc) or web console. Instructions for upgrading a cluster are available at     https://docs.openshift.com/container-platform/4.13/updating/updating-cluster-cli.html

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6346 advisory.

    Toolbox is a tool for Linux operating systems, which allows the use of containerized command line     environments. It is built on top of Podman and other standard container technologies from OCI.

    Security Fix(es):

    * go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents     (CVE-2022-3064)

    * golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)

    * net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

    * golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)

    * golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)

    * golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption     (CVE-2023-24536)

    * golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)

    * golang: html/template: improper sanitization of CSS values (CVE-2023-24539)

    * golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)

    * golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.3 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2023:0735-1 advisory.

  - A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean     function could transform an invalid path such as a/../c:/b into the valid path c:\b. This     transformation of a relative (if invalid) path into an absolute path could enable a directory traversal     attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid)     path .\c:\b. (CVE-2022-41722)

  - A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient     to cause a denial of service from a small number of small requests. (CVE-2022-41723)

  - Large handshake records may cause panics in crypto/tls. Both clients and servers may send large TLS     handshake records which cause servers and clients, respectively, to panic when attempting to construct     responses. This affects all TLS 1.3 clients, TLS 1.2 clients which explicitly enable session resumption     (by setting Config.ClientSessionCache to a non-nil value), and TLS 1.3 servers which request client     certificates (by setting Config.ClientAuth >= RequestClientCert). (CVE-2022-41724)

  - A denial of service is possible from excessive resource consumption in net/http and mime/multipart.
    Multipart form parsing with mime/multipart.Reader.ReadForm can consume largely unlimited amounts of memory     and disk files. This also affects form parsing in the net/http package with the Request methods FormFile,     FormValue, ParseMultipartForm, and PostFormValue. ReadForm takes a maxMemory parameter, and is documented     as storing up to maxMemory bytes +10MB (reserved for non-file parts) in memory. File parts which cannot     be stored in memory are stored on disk in temporary files. The unconfigurable 10MB reserved for non-file     parts is excessively large and can potentially open a denial of service vector on its own. However,     ReadForm did not properly account for all memory consumed by a parsed form, such as map entry overhead,     part names, and MIME headers, permitting a maliciously crafted form to consume well over 10MB. In     addition, ReadForm contained no limit on the number of disk files created, permitting a relatively small     request body to create a large number of disk temporary files. With fix, ReadForm now properly accounts     for various forms of memory overhead, and should now stay within its documented limit of 10MB + maxMemory     bytes of memory consumption. Users should still be aware that this limit is high and may still be     hazardous. In addition, ReadForm now creates at most one on-disk temporary file, combining multiple form     parts into a single temporary file. The mime/multipart.File interface type's documentation states, If     stored on disk, the File's underlying concrete type will be an *os.File.. This is no longer the case when     a form contains more than one file part, due to this coalescing of parts into a single file. The previous     behavior of using distinct files for each form part may be reenabled with the environment variable     GODEBUG=multipartfiles=distinct. Users should be aware that multipart.ReadForm and the http.Request     methods that call it do not limit the amount of disk consumed by temporary files. Callers can limit the     size of form data with http.MaxBytesReader. (CVE-2022-41725)

  - The ScalarMult and ScalarBaseMult methods of the P256 Curve may return an incorrect result if called with     some specific unreduced scalars (a scalar larger than the order of the curve). This does not impact usages     of crypto/ecdsa or crypto/ecdh. (CVE-2023-24532)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2023:6938 advisory.

    The container-tools module contains tools for working with containers, notably podman, buildah, skopeo,     and runc.

    Security Fix(es):

    * go-yaml: Improve heuristics preventing CPU/memory abuse by parsing malicious or large YAML documents     (CVE-2022-3064)

    * golang: html/template: improper handling of JavaScript whitespace (CVE-2023-24540)

    * net/http, golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding (CVE-2022-41723)

    * golang: crypto/tls: large handshake records may cause panics (CVE-2022-41724)

    * golang: net/http, mime/multipart: denial of service from excessive resource consumption (CVE-2022-41725)

    * golang.org/x/net/html: Cross site scripting (CVE-2023-3978)

    * golang: net/http, net/textproto: denial of service from excessive memory allocation (CVE-2023-24534)

    * golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption     (CVE-2023-24536)

    * golang: go/parser: Infinite loop in parsing (CVE-2023-24537)

    * golang: html/template: backticks not treated as string delimiters (CVE-2023-24538)

    * golang: html/template: improper sanitization of CSS values (CVE-2023-24539)

    * runc: Rootless runc makes `/sys/fs/cgroup` writable (CVE-2023-25809)

    * runc: volume mount race condition (regression of CVE-2019-19921) (CVE-2023-27561)

    * runc: AppArmor can be bypassed when `/proc` inside the container is symlinked with a specific mount     configuration (CVE-2023-28642)

    * golang: html/template: improper handling of empty HTML attributes (CVE-2023-29400)

    * golang: net/http: insufficient sanitization of Host header (CVE-2023-29406)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and     other related information, refer to the CVE page(s) listed in the References section.

    Additional Changes:

    For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.9 Release Notes     linked from the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Published	Updated	Severity
181139	Amazon Linux 2023 : cni-plugins (ALAS2023-2023-338)	Nessus	Amazon Linux Local Security Checks	9/8/2023	9/15/2023	medium
185664	RHEL 8 : rhc (RHSA-2023:7058)	Nessus	Red Hat Local Security Checks	11/14/2023	11/7/2024	high
191091	RHEL 8 / 9 : OpenShift Container Platform 4.13.35 (RHSA-2024:0948)	Nessus	Red Hat Local Security Checks	2/28/2024	11/8/2024	high
194546	Fedora 40 : golang-github-prometheus-node-exporter (2023-654e0ddfd8)	Nessus	Fedora Local Security Checks	4/29/2024	11/14/2024	high
173286	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.18 (SUSE-SU-2023:0869-1)	Nessus	SuSE Local Security Checks	3/23/2023	7/14/2023	high
173289	SUSE SLES15 Security Update : container-suseconnect (SUSE-SU-2023:0871-1)	Nessus	SuSE Local Security Checks	3/23/2023	7/14/2023	high
173394	Fedora 36 : gmailctl (2023-abb47e24d8)	Nessus	Fedora Local Security Checks	3/24/2023	11/14/2024	high
194287	RHEL 8 / 9 : OpenShift Container Platform 4.13.4 (RHSA-2023:3612)	Nessus	Red Hat Local Security Checks	4/28/2024	11/7/2024	critical
185100	RHEL 9 : toolbox (RHSA-2023:6346)	Nessus	Red Hat Local Security Checks	11/7/2023	11/7/2024	critical
172571	SUSE SLED15 / SLES15 / openSUSE 15 Security Update : go1.20 (SUSE-SU-2023:0735-1)	Nessus	SuSE Local Security Checks	3/15/2023	7/14/2023	high
185685	RHEL 8 : container-tools:4.0 (RHSA-2023:6938)	Nessus	Red Hat Local Security Checks	11/14/2023	11/7/2024	critical

Detections

Analytics

Plugins Search

medium

high

high

high

high

high

high

critical

critical

high

critical