SB2023112747 - Multiple vulnerabilities in Red Hat Satellite 6.14
Published: November 27, 2023 Updated: December 6, 2024
Description
This security bulletin contains information about 32 security vulnerabilities.
1) Resource exhaustion (CVE-ID: CVE-2022-44571)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources when parsing the Content-Disposition header in lib/rack/multipart/parser.rb. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
2) Inefficient regular expression complexity (CVE-ID: CVE-2023-36053)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing untrusted input with regular expressions within EmailValidator and URLValidator. A remote attacker can pass specially crafted data to the application and perform a regular expression denial of service (ReDoS) attack.
3) Information disclosure (CVE-ID: CVE-2023-32681)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because requests has been leaking Proxy-Authorization headers to destination servers when redirected to an HTTPS endpoint. A remote attacker can gain unauthorized access to sensitive information on the system.
4) Arbitrary file upload (CVE-ID: CVE-2023-31047)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists because the application does not perform validation of files when using one form field for uploading multiple files. A remote attacker can upload a malicious file and execute it on the server.
5) Resource exhaustion (CVE-ID: CVE-2023-30608)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
6) Improper Neutralization of HTTP Headers for Scripting Syntax (CVE-ID: CVE-2023-29406)
The vulnerability allows a remote attacker to perform a spoofing attack.
The vulnerability exists due to improper input validation in the HTTP/1 client when handling the HTTP Host header. A remote non-authenticated attacker can send a specially crafted HTTP request with a maliciously crafted Host header and inject additional headers or entire requests.
Successful exploitation of the vulnerability may allow an attacker to perform cross-site scripting, cache poisoning or session hijacking attacks.
7) Input validation error (CVE-ID: CVE-2023-27539)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when parsing HTTP headers. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
8) Input validation error (CVE-ID: CVE-2023-27530)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in the Multipart MIME header. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
9) Incorrect Regular Expression (CVE-ID: CVE-2023-22799)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to incorrect parsing of the model name. A remote attacker can pass specially crafted input to the application and consume excessive CPU resources, resulting in regular expression denial of service.
10) Input validation error (CVE-ID: CVE-2023-22796)
The vulnerability allows a remote attacker to perform a regular expression based denial of service (ReDoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Active Support in Inflector.underscore. A remote attacker can pass specially crafted input to the application and perform a regular expression based denial of service (ReDoS) attack.
11) Input validation error (CVE-ID: CVE-2023-22795)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Action Dispatch. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
12) Input validation error (CVE-ID: CVE-2023-22792)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in Action Dispatch. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
13) Inefficient regular expression complexity (CVE-ID: CVE-2023-1894)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing untrusted input with regular expressions. A remote attacker can pass specially crafted data to the application and perform a regular expression denial of service (ReDoS) attack.
14) Cross-site scripting (CVE-ID: CVE-2023-0119)
The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the Comment section in the Hosts tab. A remote user can inject and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
15) Resource exhaustion (CVE-ID: CVE-2022-44572)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources when parsing the Content-Disposition header in lib/rack/multipart/parser.rb. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
16) Resource exhaustion (CVE-ID: CVE-2022-44570)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists because the application does not properly control consumption of internal resources within the get_byte_ranges() function in lib/rack/utils.rb when parsing the Range header. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
17) Resource exhaustion (CVE-ID: CVE-2023-44487)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper control of consumption of internal resources when handling HTTP/2 requests with compressed HEADERS frames. A remote attacker can send a sequence of compressed HEADERS frames followed by RST_STREAM frames and perform a denial of service (DoS) attack, a.k.a. "Rapid Reset".
Note, the vulnerability is being actively exploited in the wild.
18) OS Command Injection (CVE-ID: CVE-2023-0118)
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing templates. A remote privileged user can bypass safe mode and inject and execute arbitrary OS commands via the Report Templates function by modifying the "template" JSON value in the POST request.
19) Resource exhaustion (CVE-ID: CVE-2023-39325)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to excessive consumption of internal resources when handling HTTP/2 requests. A remote attacker can bypass the http2.Server.MaxConcurrentStreams setting by creating new connections while the current connections are still being processed, trigger resource exhaustion and perform a denial of service (DoS) attack.
20) Input validation error (CVE-ID: CVE-2023-40267)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can pass specially crafted input to the application and compromise the affected system.
Note, the vulnerability exists due to an incomplete fix for CVE-2022-24439.
21) Improper Certificate Validation (CVE-ID: CVE-2022-0759)
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists due to the way kubeclient parses kubeconfig files. When the kubeconfig file does not configure a custom CA to verify certs, kubeclient ends up accepting any certificate (it wrongly returns VERIFY_NONE). A remote attacker can perform a MitM attack.
22) OS Command Injection (CVE-ID: CVE-2022-3874)
The vulnerability allows a remote user to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation when processing CoreOS and Fedora CoreOS configurations in templates in foreman. A remote user with administrative privileges can inject arbitrary OS commands into configuration templates and execute them on the system.
23) Code Injection (CVE-ID: CVE-2022-46648)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote user can use a specially crafted filename and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
24) Code Injection (CVE-ID: CVE-2022-47318)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote user can use a specially crafted filename and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
25) SQL injection (CVE-ID: CVE-2023-22794)
The vulnerability allows a remote attacker to execute arbitrary SQL queries in the database.
The vulnerability exists due to insufficient sanitization of user-supplied data in the ActiveRecord comments. A remote attacker can send a specially crafted request to the affected application and execute arbitrary SQL commands within the application database.
Successful exploitation of this vulnerability may allow a remote attacker to read, delete or modify data in the database and gain complete control over the affected application.
26) Input validation error (CVE-ID: CVE-2022-44566)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in ActiveRecord’s PostgreSQL adapter. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
27) OS Command Injection (CVE-ID: CVE-2022-1292)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with the ability to pass data to the c_rehash script can execute arbitrary OS commands with the privileges of the script.
28) OS Command Injection (CVE-ID: CVE-2022-2068)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with the ability to pass data to the c_rehash script can execute arbitrary OS commands with the privileges of the script.
The vulnerability exists due to an incomplete fix for #VU62765 (CVE-2022-1292).
29) Insufficiently protected credentials (CVE-ID: CVE-2022-3644)
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists because pulp_ansible stores tokens in plaintext instead of using pulp's encrypted field and exposes them in read/write mode via the API () instead of marking it as write only. A local user can obtain credentials of Ansible users.
30) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2022-4130)
The disclosed vulnerability allows a remote user to perform SSRF attacks.
The vulnerability exists due to insufficient validation of the HTTP Referer header at "/locations/clear". A remote authenticated user can send a specially crafted HTTP request and trick the application into initiating requests to arbitrary systems.
Successful exploitation of this vulnerability may allow a remote attacker to gain access to sensitive data located in the local network or send malicious requests to other servers from the vulnerable system.
31) Incorrect Regular Expression (CVE-ID: CVE-2022-40899)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper input validation when processing the Set-Cookie header. A remote attacker can send a specially crafted HTTP request to the application and perform a regular expression denial of service (ReDoS) attack.
32) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2022-41717)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to excessive memory growth when handling HTTP/2 server requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.
Remediation
Install the update from the vendor's website.