Vulnerabilities > CVE-2018-17246 - Inclusion of Functionality from Untrusted Control Sphere vulnerability in multiple products

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

elastic

redhat

CWE-829

nessus

NVD

Published: 2018-12-20

Updated: 2020-08-14

Summary

Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.

Vulnerable Configurations

Part	Description	Count
Application	Elastic Elastic Kibana 5.0.0 Elastic Kibana 5.0.1 Elastic Kibana 5.0.2 Elastic Kibana 5.1.1 Elastic Kibana 5.1.2 Elastic Kibana 5.2.0 Elastic Kibana 5.2.1 Elastic Kibana 5.2.2 Elastic Kibana 5.3.0 Elastic Kibana 5.3.1 Elastic Kibana 5.3.2 Elastic Kibana 5.3.3 Elastic Kibana 5.4.0 Elastic Kibana 5.4.1 Elastic Kibana 5.4.2 Elastic Kibana 5.4.3 Elastic Kibana 5.5.0 Elastic Kibana 5.5.1 Elastic Kibana 5.5.2 Elastic Kibana 5.5.3 Elastic Kibana 5.6.0 Elastic Kibana 5.6.1 Elastic Kibana 5.6.2 Elastic Kibana 5.6.3 Elastic Kibana 5.6.4 Elastic Kibana 5.6.5 Elastic Kibana 5.6.6 Elastic Kibana 5.6.7 Elastic Kibana 5.6.8 Elastic Kibana 5.6.9 Elastic Kibana 5.6.10 Elastic Kibana 5.6.11 Elastic Kibana 5.6.12 Elastic Kibana 6.0.0 Elastic Kibana 6.0.1 Elastic Kibana 6.1.0 Elastic Kibana 6.1.1 Elastic Kibana 6.1.2 Elastic Kibana 6.1.3 Elastic Kibana 6.1.4 Elastic Kibana 6.2.0 Elastic Kibana 6.2.1 Elastic Kibana 6.2.2 Elastic Kibana 6.2.3 Elastic Kibana 6.2.4 Elastic Kibana 6.3.0 Elastic Kibana 6.3.1 Elastic Kibana 6.3.2 Elastic Kibana 6.4.0 Elastic Kibana 6.4.1 Elastic Kibana 6.4.2	64
Application	Redhat Redhat Openshift Container Platform 3.11	1

Common Weakness Enumeration (CWE)

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

Nessus

NASL family	CGI abuses
NASL id	KIBANA_ESA_2018_18.NASL
description	Nethanel Coppenhagen of CyberArk Labs discovered Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.Note that Nessus has not tested for this issue but has instead relied only on the application
last seen	2020-03-18
modified	2018-11-07
plugin id	118798
published	2018-11-07
reporter	This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/118798
title	Kibana ESA-2018-18
code	# # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(118798); script_version("1.3"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/02/19"); script_cve_id("CVE-2018-17246"); script_name(english:"Kibana ESA-2018-18"); script_summary(english:"Checks the version of Kibana."); script_set_attribute(attribute:"synopsis", value: "Based on its self-reported version, the remote web server hosts a Java application which is affected by an arbitrary file inclusion vulnerability."); script_set_attribute(attribute:"description", value: "Nethanel Coppenhagen of CyberArk Labs discovered Kibana versions before 6.4.3 and 5.6.13 contain an arbitrary file inclusion flaw in the Console plugin. An attacker with access to the Kibana Console API could send a request that will attempt to execute javascript code. This could possibly lead to an attacker executing arbitrary commands with permissions of the Kibana process on the host system.Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number."); # https://www.elastic.co/community/security script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?3f00797e"); script_set_attribute(attribute:"solution", value: "Users should upgrade to Elastic Stack version 6.4.3 or 5.6.13 or later. Users unable to upgrade their installations should refer to the mitigation instructions outlined in the vendor advisory. "); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-17246"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/06"); script_set_attribute(attribute:"patch_publication_date", value:"2018/11/06"); script_set_attribute(attribute:"plugin_publication_date", value:"2018/11/07"); script_set_attribute(attribute:"plugin_type", value:"remote"); script_set_attribute(attribute:"cpe", value:"cpe:/a:elasticsearch:kibana"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"CGI abuses"); script_copyright(english:"This script is Copyright (C) 2018-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("kibana_web_detect.nbin"); script_require_keys("installed_sw/Kibana"); script_require_ports("Services/www", 5601); exit(0); } include("audit.inc"); include("http.inc"); include("vcf.inc"); app = "Kibana"; get_install_count(app_name:app, exit_if_zero:TRUE); port = get_http_port(default:5601); app_info = vcf::get_app_info(app:app, port:port, webapp:TRUE); constraints = [ { "min_version" : "5.0.0", "fixed_version" : "5.6.13" }, { "min_version" : "6.0.0", "fixed_version" : "6.4.3" } ]; vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_HOLE);

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2019-1_0-0209_KIBANA.NASL
description	An update of the kibana package has been released.
last seen	2020-06-01
modified	2020-06-02
plugin id	133299
published	2020-01-28
reporter	This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/133299
title	Photon OS 1.0: Kibana PHSA-2019-1.0-0209
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2019-1.0-0209. The text # itself is copyright (C) VMware, Inc. include('compat.inc'); if (description) { script_id(133299); script_version("1.2"); script_cvs_date("Date: 2020/01/29"); script_cve_id("CVE-2018-17245", "CVE-2018-17246"); script_bugtraq_id(106285, 106287); script_name(english:"Photon OS 1.0: Kibana PHSA-2019-1.0-0209"); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the kibana package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-1.0-209.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-17246"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/12/20"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/20"); script_set_attribute(attribute:"plugin_publication_date", value:"2020/01/28"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:kibana"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:1.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 1\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 1.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "aarch64" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_exists(rpm:"kibana-6.4", release:"PhotonOS-1.0") && rpm_check(release:"PhotonOS-1.0", cpu:"x86_64", reference:"kibana-6.4.3-1.ph1")) flag++; if (rpm_exists(rpm:"kibana-6.4", release:"PhotonOS-1.0") && rpm_check(release:"PhotonOS-1.0", cpu:"src", reference:"kibana-6.4.3-1.ph1.src")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kibana"); }

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2019-2_0-0132_NGINX.NASL
description	An update of the nginx package has been released.
last seen	2020-06-01
modified	2020-06-02
plugin id	122908
published	2019-03-18
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122908
title	Photon OS 2.0: Nginx PHSA-2019-2.0-0132
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2019-2.0-0132. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(122908); script_version("1.2"); script_cvs_date("Date: 2020/02/04"); script_cve_id("CVE-2018-16845"); script_name(english:"Photon OS 2.0: Nginx PHSA-2019-2.0-0132"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the nginx package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-132.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-17246"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/07"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/18"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:nginx"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-2.0", reference:"nginx-1.13.10-2.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"nginx-debuginfo-1.13.10-2.ph2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "nginx"); }

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2019-2_0-0132_PYTHON3.NASL
description	An update of the python3 package has been released.
last seen	2020-06-01
modified	2020-06-02
plugin id	122909
published	2019-03-18
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122909
title	Photon OS 2.0: Python3 PHSA-2019-2.0-0132
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2019-2.0-0132. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(122909); script_version("1.2"); script_cvs_date("Date: 2020/02/04"); script_cve_id("CVE-2018-20406"); script_name(english:"Photon OS 2.0: Python3 PHSA-2019-2.0-0132"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the python3 package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-132.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-17246"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/07"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/18"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:python3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-2.0", reference:"python3-3.6.5-4.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"python3-curses-3.6.5-4.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"python3-debuginfo-3.6.5-4.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"python3-devel-3.6.5-4.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"python3-libs-3.6.5-4.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"python3-pip-3.6.5-4.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"python3-setuptools-3.6.5-4.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"python3-test-3.6.5-4.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"python3-tools-3.6.5-4.ph2")) flag++; if (rpm_check(release:"PhotonOS-2.0", reference:"python3-xml-3.6.5-4.ph2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "python3"); }

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2019-2_0-0132_ELASTICSEARCH.NASL
description	An update of the elasticsearch package has been released.
last seen	2020-06-01
modified	2020-06-02
plugin id	122906
published	2019-03-18
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122906
title	Photon OS 2.0: Elasticsearch PHSA-2019-2.0-0132
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2019-2.0-0132. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(122906); script_version("1.2"); script_cvs_date("Date: 2020/02/04"); script_cve_id("CVE-2018-17244"); script_name(english:"Photon OS 2.0: Elasticsearch PHSA-2019-2.0-0132"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the elasticsearch package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-132.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-17246"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/07"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/18"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:elasticsearch"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-2.0", reference:"elasticsearch-6.4.3-1.ph2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "elasticsearch"); }

NASL family	PhotonOS Local Security Checks
NASL id	PHOTONOS_PHSA-2019-2_0-0132_KIBANA.NASL
description	An update of the kibana package has been released.
last seen	2020-06-01
modified	2020-06-02
plugin id	122907
published	2019-03-18
reporter	This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/122907
title	Photon OS 2.0: Kibana PHSA-2019-2.0-0132
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from VMware Security Advisory PHSA-2019-2.0-0132. The text # itself is copyright (C) VMware, Inc. include("compat.inc"); if (description) { script_id(122907); script_version("1.2"); script_cvs_date("Date: 2020/02/04"); script_cve_id("CVE-2018-17245", "CVE-2018-17246"); script_name(english:"Photon OS 2.0: Kibana PHSA-2019-2.0-0132"); script_summary(english:"Checks the rpm output for the updated packages."); script_set_attribute(attribute:"synopsis", value: "The remote PhotonOS host is missing multiple security updates."); script_set_attribute(attribute:"description", value: "An update of the kibana package has been released."); script_set_attribute(attribute:"see_also", value:"https://github.com/vmware/photon/wiki/Security-Updates-2-132.md"); script_set_attribute(attribute:"solution", value: "Update the affected Linux packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"); script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2018-17246"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"vuln_publication_date", value:"2018/11/07"); script_set_attribute(attribute:"patch_publication_date", value:"2019/02/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2019/03/18"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:vmware:photonos:kibana"); script_set_attribute(attribute:"cpe", value:"cpe:/o:vmware:photonos:2.0"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"PhotonOS Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2019-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/PhotonOS/release", "Host/PhotonOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/PhotonOS/release"); if (isnull(release) \|\| release !~ "^VMware Photon") audit(AUDIT_OS_NOT, "PhotonOS"); if (release !~ "^VMware Photon (?:Linux\|OS) 2\.0(\D\|$)") audit(AUDIT_OS_NOT, "PhotonOS 2.0"); if (!get_kb_item("Host/PhotonOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "PhotonOS", cpu); flag = 0; if (rpm_check(release:"PhotonOS-2.0", reference:"kibana-6.4.3-1.ph2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "kibana"); }

Redhat

advisories

rhsa

id	RHBA-2018:3743

rpms

atomic-enterprise-service-catalog-1:3.11.51-1.git.1671.2d16650.el7
atomic-enterprise-service-catalog-svcat-1:3.11.51-1.git.1671.2d16650.el7
atomic-openshift-0:3.11.51-1.git.0.1560686.el7
atomic-openshift-clients-0:3.11.51-1.git.0.1560686.el7
atomic-openshift-clients-redistributable-0:3.11.51-1.git.0.1560686.el7
atomic-openshift-cluster-autoscaler-0:3.11.51-1.git.0.0aa9fc2.el7
atomic-openshift-descheduler-0:3.11.51-1.git.300.89070e8.el7
atomic-openshift-docker-excluder-0:3.11.51-1.git.0.1560686.el7
atomic-openshift-dockerregistry-0:3.11.51-1.git.446.d29ce0e.el7
atomic-openshift-excluder-0:3.11.51-1.git.0.1560686.el7
atomic-openshift-hyperkube-0:3.11.51-1.git.0.1560686.el7
atomic-openshift-hypershift-0:3.11.51-1.git.0.1560686.el7
atomic-openshift-master-0:3.11.51-1.git.0.1560686.el7
atomic-openshift-metrics-server-0:3.11.51-1.git.52.03e3a91.el7
atomic-openshift-node-0:3.11.51-1.git.0.1560686.el7
atomic-openshift-node-problem-detector-0:3.11.51-1.git.254.22189b0.el7
atomic-openshift-pod-0:3.11.51-1.git.0.1560686.el7
atomic-openshift-sdn-ovs-0:3.11.51-1.git.0.1560686.el7
atomic-openshift-service-idler-0:3.11.51-1.git.14.813574a.el7
atomic-openshift-template-service-broker-0:3.11.51-1.git.0.1560686.el7
atomic-openshift-tests-0:3.11.51-1.git.0.1560686.el7
atomic-openshift-web-console-0:3.11.51-1.git.324.0ae64ed.el7
cri-o-0:1.11.10-1.rhaos3.11.git42c86f0.el7
cri-o-debuginfo-0:1.11.10-1.rhaos3.11.git42c86f0.el7
golang-github-openshift-oauth-proxy-0:3.11.51-1.git.419.1af74df.el7
jenkins-0:2.138.2.1542054911-1.el7
jenkins-2-plugins-0:3.11.1542061886-1.el7
kibana-0:5.6.13-1.el7
kibana-debuginfo-0:5.6.13-1.el7
openshift-ansible-0:3.11.51-2.git.0.51c90a3.el7
openshift-ansible-docs-0:3.11.51-2.git.0.51c90a3.el7
openshift-ansible-playbooks-0:3.11.51-2.git.0.51c90a3.el7
openshift-ansible-roles-0:3.11.51-2.git.0.51c90a3.el7
openshift-ansible-test-0:3.11.51-2.git.0.51c90a3.el7
openshift-enterprise-autoheal-0:3.11.51-1.git.219.8ea4275.el7
openshift-enterprise-cluster-capacity-0:3.11.51-1.git.380.ffa21af.el7
openshift-monitor-project-lifecycle-0:3.11.51-1.git.59.7b59e29.el7
openshift-monitor-sample-app-0:3.11.51-1.git.5.f6d0188.el7
prometheus-0:3.11.51-1.git.5023.0ad933c.el7
prometheus-alertmanager-0:3.11.51-1.git.0.50a0687.el7
prometheus-node-exporter-0:3.11.51-1.git.1063.12dd8be.el7

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Nessus

Redhat

References