Vulnerabilities > CVE-2018-17246 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products

047910
CVSS 9.8 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
HIGH
Availability impact
HIGH
network
low complexity
elastic
redhat
CWE-829
critical
nessus

Summary

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

Nessus

  • NASL familyCGI abuses
    NASL idKIBANA_ESA_2018_18.NASL
    descriptionNethanel Coppenhagen of CyberArk Labs discovered Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.Note that Nessus has not tested for this issue but has instead relied only on the application
    last seen2020-03-18
    modified2018-11-07
    plugin id118798
    published2018-11-07
    reporterThis script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/118798
    titleKibana ESA-2018-18
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(118798);
      script_version("1.3");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/19");
    
      script_cve_id("CVE-2018-17246");
    
      script_name(english:"Kibana ESA-2018-18");
      script_summary(english:"Checks the version of Kibana.");
    
      script_set_attribute(attribute:"synopsis", value:
    "Based on its self-reported version, the remote web server hosts a 
    Java application which is affected by an arbitrary file inclusion vulnerability.");
      script_set_attribute(attribute:"description", value:
    "Nethanel Coppenhagen of CyberArk Labs discovered Kibana versions
    before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in
    the Console plugin. An attacker with access to the Kibana Console API
    could send a request that will attempt to execute javascript code.
    This could possibly lead to an attacker executing arbitrary commands
    with permissions of the Kibana process on the host system.Note that
    Nessus has not tested for this issue but has instead relied only on
    the application's self-reported version number.");
      # https://www.elastic.co/community/security
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3f00797e");
      script_set_attribute(attribute:"solution", value:
    "Users should upgrade to Elastic Stack version 6.4.3 or 5.6.13 or 
    later. Users unable to upgrade their installations should refer to 
    the mitigation instructions outlined in the vendor advisory.
    ");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-17246");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/06");
      script_set_attribute(attribute:"patch_publication_date", value:"2018/11/06");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/07");
    
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:elasticsearch:kibana");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("kibana_web_detect.nbin");
      script_require_keys("installed_sw/Kibana");
      script_require_ports("Services/www", 5601);
    
      exit(0);
    }
    
    include("audit.inc");
    include("http.inc");
    include("vcf.inc");
    
    app = "Kibana";
    
    get_install_count(app_name:app, exit_if_zero:TRUE);
    
    port = get_http_port(default:5601);
    
    app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE);
    
    constraints = [
      { "min_version" : "5.0.0", "fixed_version" : "5.6.13" },
      { "min_version" : "6.0.0", "fixed_version" : "6.4.3" }
    ];
    
    vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-1_0-0209_KIBANA.NASL
    descriptionAn update of the kibana package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id133299
    published2020-01-28
    reporterThis script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/133299
    titlePhoton OS 1.0: Kibana PHSA-2019-1.0-0209
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-1.0-0209. The text
    # itself is copyright (C) VMware, Inc.
    
    include('compat.inc');
    
    if (description)
    {
      script_id(133299);
      script_version("1.2");
      script_cvs_date("Date: 2020/01/29");
    
      script_cve_id("CVE-2018-17245", "CVE-2018-17246");
      script_bugtraq_id(106285, 106287);
    
      script_name(english:"Photon OS 1.0: Kibana PHSA-2019-1.0-0209");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the kibana package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-209.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-17246");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/20");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/28");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:kibana");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 1\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_exists(rpm:"kibana-6.4", release:"PhotonOS-1.0") && rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"kibana-6.4.3-1.ph1")) flag++;
    if (rpm_exists(rpm:"kibana-6.4", release:"PhotonOS-1.0") && rpm_check(release:"PhotonOS-1.0", cpu:"src", reference:"kibana-6.4.3-1.ph1.src")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kibana");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0132_NGINX.NASL
    descriptionAn update of the nginx package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id122908
    published2019-03-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122908
    titlePhoton OS 2.0: Nginx PHSA-2019-2.0-0132
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-2.0-0132. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122908);
      script_version("1.2");
      script_cvs_date("Date: 2020/02/04");
    
      script_cve_id("CVE-2018-16845");
    
      script_name(english:"Photon OS 2.0: Nginx PHSA-2019-2.0-0132");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the nginx package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-132.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-17246");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/18");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:nginx");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-2.0", reference:"nginx-1.13.10-2.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"nginx-debuginfo-1.13.10-2.ph2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nginx");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0132_PYTHON3.NASL
    descriptionAn update of the python3 package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id122909
    published2019-03-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122909
    titlePhoton OS 2.0: Python3 PHSA-2019-2.0-0132
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-2.0-0132. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122909);
      script_version("1.2");
      script_cvs_date("Date: 2020/02/04");
    
      script_cve_id("CVE-2018-20406");
    
      script_name(english:"Photon OS 2.0: Python3 PHSA-2019-2.0-0132");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the python3 package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-132.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-17246");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/18");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python3");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-2.0", reference:"python3-3.6.5-4.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"python3-curses-3.6.5-4.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"python3-debuginfo-3.6.5-4.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"python3-devel-3.6.5-4.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"python3-libs-3.6.5-4.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"python3-pip-3.6.5-4.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"python3-setuptools-3.6.5-4.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"python3-test-3.6.5-4.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"python3-tools-3.6.5-4.ph2")) flag++;
    if (rpm_check(release:"PhotonOS-2.0", reference:"python3-xml-3.6.5-4.ph2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0132_ELASTICSEARCH.NASL
    descriptionAn update of the elasticsearch package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id122906
    published2019-03-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122906
    titlePhoton OS 2.0: Elasticsearch PHSA-2019-2.0-0132
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-2.0-0132. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122906);
      script_version("1.2");
      script_cvs_date("Date: 2020/02/04");
    
      script_cve_id("CVE-2018-17244");
    
      script_name(english:"Photon OS 2.0: Elasticsearch PHSA-2019-2.0-0132");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the elasticsearch package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-132.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-17246");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/18");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:elasticsearch");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-2.0", reference:"elasticsearch-6.4.3-1.ph2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "elasticsearch");
    }
    
  • NASL familyPhotonOS Local Security Checks
    NASL idPHOTONOS_PHSA-2019-2_0-0132_KIBANA.NASL
    descriptionAn update of the kibana package has been released.
    last seen2020-06-01
    modified2020-06-02
    plugin id122907
    published2019-03-18
    reporterThis script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/122907
    titlePhoton OS 2.0: Kibana PHSA-2019-2.0-0132
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    # The descriptive text and package checks in this plugin were
    # extracted from VMware Security Advisory PHSA-2019-2.0-0132. The text
    # itself is copyright (C) VMware, Inc.
    
    include("compat.inc");
    
    if (description)
    {
      script_id(122907);
      script_version("1.2");
      script_cvs_date("Date: 2020/02/04");
    
      script_cve_id("CVE-2018-17245", "CVE-2018-17246");
    
      script_name(english:"Photon OS 2.0: Kibana PHSA-2019-2.0-0132");
      script_summary(english:"Checks the rpm output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote PhotonOS host is missing multiple security updates.");
      script_set_attribute(attribute:"description", value:
    "An update of the kibana package has been released.");
      script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-132.md");
      script_set_attribute(attribute:"solution", value:
    "Update the affected Linux packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
      script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
      script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-17246");
    
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/07");
      script_set_attribute(attribute:"patch_publication_date", value:"2019/02/21");
      script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/18");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:kibana");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"PhotonOS Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list");
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    release = get_kb_item("Host/PhotonOS/release");
    if (isnull(release) || release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS");
    if (release !~ "^VMware Photon (?:Linux|OS) 2\.0(\D|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0");
    
    if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu);
    
    flag = 0;
    
    if (rpm_check(release:"PhotonOS-2.0", reference:"kibana-6.4.3-1.ph2")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kibana");
    }
    

Redhat

advisories
rhsa
idRHBA-2018:3743
rpms
  • atomic-enterprise-service-catalog-1:3.11.51-1.git.1671.2d16650.el7
  • atomic-enterprise-service-catalog-svcat-1:3.11.51-1.git.1671.2d16650.el7
  • atomic-openshift-0:3.11.51-1.git.0.1560686.el7
  • atomic-openshift-clients-0:3.11.51-1.git.0.1560686.el7
  • atomic-openshift-clients-redistributable-0:3.11.51-1.git.0.1560686.el7
  • atomic-openshift-cluster-autoscaler-0:3.11.51-1.git.0.0aa9fc2.el7
  • atomic-openshift-descheduler-0:3.11.51-1.git.300.89070e8.el7
  • atomic-openshift-docker-excluder-0:3.11.51-1.git.0.1560686.el7
  • atomic-openshift-dockerregistry-0:3.11.51-1.git.446.d29ce0e.el7
  • atomic-openshift-excluder-0:3.11.51-1.git.0.1560686.el7
  • atomic-openshift-hyperkube-0:3.11.51-1.git.0.1560686.el7
  • atomic-openshift-hypershift-0:3.11.51-1.git.0.1560686.el7
  • atomic-openshift-master-0:3.11.51-1.git.0.1560686.el7
  • atomic-openshift-metrics-server-0:3.11.51-1.git.52.03e3a91.el7
  • atomic-openshift-node-0:3.11.51-1.git.0.1560686.el7
  • atomic-openshift-node-problem-detector-0:3.11.51-1.git.254.22189b0.el7
  • atomic-openshift-pod-0:3.11.51-1.git.0.1560686.el7
  • atomic-openshift-sdn-ovs-0:3.11.51-1.git.0.1560686.el7
  • atomic-openshift-service-idler-0:3.11.51-1.git.14.813574a.el7
  • atomic-openshift-template-service-broker-0:3.11.51-1.git.0.1560686.el7
  • atomic-openshift-tests-0:3.11.51-1.git.0.1560686.el7
  • atomic-openshift-web-console-0:3.11.51-1.git.324.0ae64ed.el7
  • cri-o-0:1.11.10-1.rhaos3.11.git42c86f0.el7
  • cri-o-debuginfo-0:1.11.10-1.rhaos3.11.git42c86f0.el7
  • golang-github-openshift-oauth-proxy-0:3.11.51-1.git.419.1af74df.el7
  • jenkins-0:2.138.2.1542054911-1.el7
  • jenkins-2-plugins-0:3.11.1542061886-1.el7
  • kibana-0:5.6.13-1.el7
  • kibana-debuginfo-0:5.6.13-1.el7
  • openshift-ansible-0:3.11.51-2.git.0.51c90a3.el7
  • openshift-ansible-docs-0:3.11.51-2.git.0.51c90a3.el7
  • openshift-ansible-playbooks-0:3.11.51-2.git.0.51c90a3.el7
  • openshift-ansible-roles-0:3.11.51-2.git.0.51c90a3.el7
  • openshift-ansible-test-0:3.11.51-2.git.0.51c90a3.el7
  • openshift-enterprise-autoheal-0:3.11.51-1.git.219.8ea4275.el7
  • openshift-enterprise-cluster-capacity-0:3.11.51-1.git.380.ffa21af.el7
  • openshift-monitor-project-lifecycle-0:3.11.51-1.git.59.7b59e29.el7
  • openshift-monitor-sample-app-0:3.11.51-1.git.5.f6d0188.el7
  • prometheus-0:3.11.51-1.git.5023.0ad933c.el7
  • prometheus-alertmanager-0:3.11.51-1.git.0.50a0687.el7
  • prometheus-node-exporter-0:3.11.51-1.git.1063.12dd8be.el7