Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 7 |
CVE-ID | CVE-2023-37920 CVE-2023-43804 CVE-2023-45803 CVE-2023-52323 CVE-2024-22195 CVE-2024-34064 CVE-2024-37891 |
CWE-ID | CWE-345 CWE-200 CWE-203 CWE-79 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #2 is available. |
Vulnerable software | Anolis OS (operating system); operating system packages or components: fence-agents-wti, fence-agents-vmware-soap, fence-agents-vmware-rest, fence-agents-virsh, fence-agents-scsi, fence-agents-sbd, fence-agents-rsb, fence-agents-rsa, fence-agents-rhevm, fence-agents-mpath, fence-agents-lpar, fence-agents-ipmilan, fence-agents-ipdu, fence-agents-intelmodular, fence-agents-ilo2, fence-agents-ilo-ssh, fence-agents-ilo-mp, fence-agents-ilo-moonshot, fence-agents-ifmib, fence-agents-ibmblade, fence-agents-ibm-vpc, fence-agents-ibm-powervs, fence-agents-hpblade, fence-agents-heuristics-ping, fence-agents-eps, fence-agents-emerson, fence-agents-eaton-snmp, fence-agents-drac5, fence-agents-common, fence-agents-cisco-ucs, fence-agents-cisco-mds, fence-agents-brocade, fence-agents-bladecenter, fence-agents-apc-snmp, fence-agents-apc, fence-agents-amt-ws, ha-cloud-support, fence-virtd-tcp, fence-virtd-serial, fence-virtd-multicast, fence-virtd-libvirt, fence-virtd-cpg, fence-virtd, fence-virt, fence-agents-gce, fence-agents-azure-arm, fence-agents-aws, fence-agents-aliyun, fence-agents-redfish, fence-agents-kubevirt, fence-agents-kdump, fence-agents-all |
Vendor | OpenAnolis |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
EUVDB-ID: #VU79296
Risk: Medium
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-37920
CWE-ID:
CWE-345 - Insufficient Verification of Data Authenticity
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a MitM attack.
The vulnerability exists because the software recognizes "e-Tugra" root certificates, which were subject to an investigation prompted by reporting of security issues in their systems. An attacker able to generate certificates signed with the compromised "e-Tugra" root certificate can perform a MitM attack.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
fence-agents-wti: before 4.10.0-62.0.1
fence-agents-vmware-soap: before 4.10.0-62.0.1
fence-agents-vmware-rest: before 4.10.0-62.0.1
fence-agents-virsh: before 4.10.0-62.0.1
fence-agents-scsi: before 4.10.0-62.0.1
fence-agents-sbd: before 4.10.0-62.0.1
fence-agents-rsb: before 4.10.0-62.0.1
fence-agents-rsa: before 4.10.0-62.0.1
fence-agents-rhevm: before 4.10.0-62.0.1
fence-agents-mpath: before 4.10.0-62.0.1
fence-agents-lpar: before 4.10.0-62.0.1
fence-agents-ipmilan: before 4.10.0-62.0.1
fence-agents-ipdu: before 4.10.0-62.0.1
fence-agents-intelmodular: before 4.10.0-62.0.1
fence-agents-ilo2: before 4.10.0-62.0.1
fence-agents-ilo-ssh: before 4.10.0-62.0.1
fence-agents-ilo-mp: before 4.10.0-62.0.1
fence-agents-ilo-moonshot: before 4.10.0-62.0.1
fence-agents-ifmib: before 4.10.0-62.0.1
fence-agents-ibmblade: before 4.10.0-62.0.1
fence-agents-ibm-vpc: before 4.10.0-62.0.1
fence-agents-ibm-powervs: before 4.10.0-62.0.1
fence-agents-hpblade: before 4.10.0-62.0.1
fence-agents-heuristics-ping: before 4.10.0-62.0.1
fence-agents-eps: before 4.10.0-62.0.1
fence-agents-emerson: before 4.10.0-62.0.1
fence-agents-eaton-snmp: before 4.10.0-62.0.1
fence-agents-drac5: before 4.10.0-62.0.1
fence-agents-common: before 4.10.0-62.0.1
fence-agents-cisco-ucs: before 4.10.0-62.0.1
fence-agents-cisco-mds: before 4.10.0-62.0.1
fence-agents-brocade: before 4.10.0-62.0.1
fence-agents-bladecenter: before 4.10.0-62.0.1
fence-agents-apc-snmp: before 4.10.0-62.0.1
fence-agents-apc: before 4.10.0-62.0.1
fence-agents-amt-ws: before 4.10.0-62.0.1
ha-cloud-support: before 4.10.0-62.0.1
fence-virtd-tcp: before 4.10.0-62.0.1
fence-virtd-serial: before 4.10.0-62.0.1
fence-virtd-multicast: before 4.10.0-62.0.1
fence-virtd-libvirt: before 4.10.0-62.0.1
fence-virtd-cpg: before 4.10.0-62.0.1
fence-virtd: before 4.10.0-62.0.1
fence-virt: before 4.10.0-62.0.1
fence-agents-gce: before 4.10.0-62.0.1
fence-agents-azure-arm: before 4.10.0-62.0.1
fence-agents-aws: before 4.10.0-62.0.1
fence-agents-aliyun: before 4.10.0-62.0.1
fence-agents-redfish: before 4.10.0-62.0.1
fence-agents-kubevirt: before 4.10.0-62.0.1
fence-agents-kdump: before 4.10.0-62.0.1
fence-agents-all: before 4.10.0-62.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0899
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU81322
Risk: Low
CVSSv4.0: 2.9 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/U:Clear]
CVE-ID: CVE-2023-43804
CWE-ID:
CWE-200 - Information exposure
Exploit availability: Yes
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because urllib3 does not strip the "Cookie" HTTP header during cross-origin HTTP redirects. A remote attacker can gain unauthorized access to sensitive information.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
fence-agents-wti: before 4.10.0-62.0.1
fence-agents-vmware-soap: before 4.10.0-62.0.1
fence-agents-vmware-rest: before 4.10.0-62.0.1
fence-agents-virsh: before 4.10.0-62.0.1
fence-agents-scsi: before 4.10.0-62.0.1
fence-agents-sbd: before 4.10.0-62.0.1
fence-agents-rsb: before 4.10.0-62.0.1
fence-agents-rsa: before 4.10.0-62.0.1
fence-agents-rhevm: before 4.10.0-62.0.1
fence-agents-mpath: before 4.10.0-62.0.1
fence-agents-lpar: before 4.10.0-62.0.1
fence-agents-ipmilan: before 4.10.0-62.0.1
fence-agents-ipdu: before 4.10.0-62.0.1
fence-agents-intelmodular: before 4.10.0-62.0.1
fence-agents-ilo2: before 4.10.0-62.0.1
fence-agents-ilo-ssh: before 4.10.0-62.0.1
fence-agents-ilo-mp: before 4.10.0-62.0.1
fence-agents-ilo-moonshot: before 4.10.0-62.0.1
fence-agents-ifmib: before 4.10.0-62.0.1
fence-agents-ibmblade: before 4.10.0-62.0.1
fence-agents-ibm-vpc: before 4.10.0-62.0.1
fence-agents-ibm-powervs: before 4.10.0-62.0.1
fence-agents-hpblade: before 4.10.0-62.0.1
fence-agents-heuristics-ping: before 4.10.0-62.0.1
fence-agents-eps: before 4.10.0-62.0.1
fence-agents-emerson: before 4.10.0-62.0.1
fence-agents-eaton-snmp: before 4.10.0-62.0.1
fence-agents-drac5: before 4.10.0-62.0.1
fence-agents-common: before 4.10.0-62.0.1
fence-agents-cisco-ucs: before 4.10.0-62.0.1
fence-agents-cisco-mds: before 4.10.0-62.0.1
fence-agents-brocade: before 4.10.0-62.0.1
fence-agents-bladecenter: before 4.10.0-62.0.1
fence-agents-apc-snmp: before 4.10.0-62.0.1
fence-agents-apc: before 4.10.0-62.0.1
fence-agents-amt-ws: before 4.10.0-62.0.1
ha-cloud-support: before 4.10.0-62.0.1
fence-virtd-tcp: before 4.10.0-62.0.1
fence-virtd-serial: before 4.10.0-62.0.1
fence-virtd-multicast: before 4.10.0-62.0.1
fence-virtd-libvirt: before 4.10.0-62.0.1
fence-virtd-cpg: before 4.10.0-62.0.1
fence-virtd: before 4.10.0-62.0.1
fence-virt: before 4.10.0-62.0.1
fence-agents-gce: before 4.10.0-62.0.1
fence-agents-azure-arm: before 4.10.0-62.0.1
fence-agents-aws: before 4.10.0-62.0.1
fence-agents-aliyun: before 4.10.0-62.0.1
fence-agents-redfish: before 4.10.0-62.0.1
fence-agents-kubevirt: before 4.10.0-62.0.1
fence-agents-kdump: before 4.10.0-62.0.1
fence-agents-all: before 4.10.0-62.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0899
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU82978
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2023-45803
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because urllib3 does not remove the HTTP request body when following a redirect with status code 301, 302, or 303 after the request method has been changed from one that could accept a request body (e.g. from POST to GET). A remote attacker can gain access to potentially sensitive information.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
fence-agents-wti: before 4.10.0-62.0.1
fence-agents-vmware-soap: before 4.10.0-62.0.1
fence-agents-vmware-rest: before 4.10.0-62.0.1
fence-agents-virsh: before 4.10.0-62.0.1
fence-agents-scsi: before 4.10.0-62.0.1
fence-agents-sbd: before 4.10.0-62.0.1
fence-agents-rsb: before 4.10.0-62.0.1
fence-agents-rsa: before 4.10.0-62.0.1
fence-agents-rhevm: before 4.10.0-62.0.1
fence-agents-mpath: before 4.10.0-62.0.1
fence-agents-lpar: before 4.10.0-62.0.1
fence-agents-ipmilan: before 4.10.0-62.0.1
fence-agents-ipdu: before 4.10.0-62.0.1
fence-agents-intelmodular: before 4.10.0-62.0.1
fence-agents-ilo2: before 4.10.0-62.0.1
fence-agents-ilo-ssh: before 4.10.0-62.0.1
fence-agents-ilo-mp: before 4.10.0-62.0.1
fence-agents-ilo-moonshot: before 4.10.0-62.0.1
fence-agents-ifmib: before 4.10.0-62.0.1
fence-agents-ibmblade: before 4.10.0-62.0.1
fence-agents-ibm-vpc: before 4.10.0-62.0.1
fence-agents-ibm-powervs: before 4.10.0-62.0.1
fence-agents-hpblade: before 4.10.0-62.0.1
fence-agents-heuristics-ping: before 4.10.0-62.0.1
fence-agents-eps: before 4.10.0-62.0.1
fence-agents-emerson: before 4.10.0-62.0.1
fence-agents-eaton-snmp: before 4.10.0-62.0.1
fence-agents-drac5: before 4.10.0-62.0.1
fence-agents-common: before 4.10.0-62.0.1
fence-agents-cisco-ucs: before 4.10.0-62.0.1
fence-agents-cisco-mds: before 4.10.0-62.0.1
fence-agents-brocade: before 4.10.0-62.0.1
fence-agents-bladecenter: before 4.10.0-62.0.1
fence-agents-apc-snmp: before 4.10.0-62.0.1
fence-agents-apc: before 4.10.0-62.0.1
fence-agents-amt-ws: before 4.10.0-62.0.1
ha-cloud-support: before 4.10.0-62.0.1
fence-virtd-tcp: before 4.10.0-62.0.1
fence-virtd-serial: before 4.10.0-62.0.1
fence-virtd-multicast: before 4.10.0-62.0.1
fence-virtd-libvirt: before 4.10.0-62.0.1
fence-virtd-cpg: before 4.10.0-62.0.1
fence-virtd: before 4.10.0-62.0.1
fence-virt: before 4.10.0-62.0.1
fence-agents-gce: before 4.10.0-62.0.1
fence-agents-azure-arm: before 4.10.0-62.0.1
fence-agents-aws: before 4.10.0-62.0.1
fence-agents-aliyun: before 4.10.0-62.0.1
fence-agents-redfish: before 4.10.0-62.0.1
fence-agents-kubevirt: before 4.10.0-62.0.1
fence-agents-kdump: before 4.10.0-62.0.1
fence-agents-all: before 4.10.0-62.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0899
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85747
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2023-52323
CWE-ID:
CWE-203 - Observable discrepancy
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a side-channel attack.
The vulnerability exists due to an observable discrepancy that allows side-channel leakage during OAEP decryption. A remote attacker can perform a Manger attack and gain access to sensitive information.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
fence-agents-wti: before 4.10.0-62.0.1
fence-agents-vmware-soap: before 4.10.0-62.0.1
fence-agents-vmware-rest: before 4.10.0-62.0.1
fence-agents-virsh: before 4.10.0-62.0.1
fence-agents-scsi: before 4.10.0-62.0.1
fence-agents-sbd: before 4.10.0-62.0.1
fence-agents-rsb: before 4.10.0-62.0.1
fence-agents-rsa: before 4.10.0-62.0.1
fence-agents-rhevm: before 4.10.0-62.0.1
fence-agents-mpath: before 4.10.0-62.0.1
fence-agents-lpar: before 4.10.0-62.0.1
fence-agents-ipmilan: before 4.10.0-62.0.1
fence-agents-ipdu: before 4.10.0-62.0.1
fence-agents-intelmodular: before 4.10.0-62.0.1
fence-agents-ilo2: before 4.10.0-62.0.1
fence-agents-ilo-ssh: before 4.10.0-62.0.1
fence-agents-ilo-mp: before 4.10.0-62.0.1
fence-agents-ilo-moonshot: before 4.10.0-62.0.1
fence-agents-ifmib: before 4.10.0-62.0.1
fence-agents-ibmblade: before 4.10.0-62.0.1
fence-agents-ibm-vpc: before 4.10.0-62.0.1
fence-agents-ibm-powervs: before 4.10.0-62.0.1
fence-agents-hpblade: before 4.10.0-62.0.1
fence-agents-heuristics-ping: before 4.10.0-62.0.1
fence-agents-eps: before 4.10.0-62.0.1
fence-agents-emerson: before 4.10.0-62.0.1
fence-agents-eaton-snmp: before 4.10.0-62.0.1
fence-agents-drac5: before 4.10.0-62.0.1
fence-agents-common: before 4.10.0-62.0.1
fence-agents-cisco-ucs: before 4.10.0-62.0.1
fence-agents-cisco-mds: before 4.10.0-62.0.1
fence-agents-brocade: before 4.10.0-62.0.1
fence-agents-bladecenter: before 4.10.0-62.0.1
fence-agents-apc-snmp: before 4.10.0-62.0.1
fence-agents-apc: before 4.10.0-62.0.1
fence-agents-amt-ws: before 4.10.0-62.0.1
ha-cloud-support: before 4.10.0-62.0.1
fence-virtd-tcp: before 4.10.0-62.0.1
fence-virtd-serial: before 4.10.0-62.0.1
fence-virtd-multicast: before 4.10.0-62.0.1
fence-virtd-libvirt: before 4.10.0-62.0.1
fence-virtd-cpg: before 4.10.0-62.0.1
fence-virtd: before 4.10.0-62.0.1
fence-virt: before 4.10.0-62.0.1
fence-agents-gce: before 4.10.0-62.0.1
fence-agents-azure-arm: before 4.10.0-62.0.1
fence-agents-aws: before 4.10.0-62.0.1
fence-agents-aliyun: before 4.10.0-62.0.1
fence-agents-redfish: before 4.10.0-62.0.1
fence-agents-kubevirt: before 4.10.0-62.0.1
fence-agents-kdump: before 4.10.0-62.0.1
fence-agents-all: before 4.10.0-62.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0899
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU85368
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-22195
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
Description
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the xmlattr filter. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
fence-agents-wti: before 4.10.0-62.0.1
fence-agents-vmware-soap: before 4.10.0-62.0.1
fence-agents-vmware-rest: before 4.10.0-62.0.1
fence-agents-virsh: before 4.10.0-62.0.1
fence-agents-scsi: before 4.10.0-62.0.1
fence-agents-sbd: before 4.10.0-62.0.1
fence-agents-rsb: before 4.10.0-62.0.1
fence-agents-rsa: before 4.10.0-62.0.1
fence-agents-rhevm: before 4.10.0-62.0.1
fence-agents-mpath: before 4.10.0-62.0.1
fence-agents-lpar: before 4.10.0-62.0.1
fence-agents-ipmilan: before 4.10.0-62.0.1
fence-agents-ipdu: before 4.10.0-62.0.1
fence-agents-intelmodular: before 4.10.0-62.0.1
fence-agents-ilo2: before 4.10.0-62.0.1
fence-agents-ilo-ssh: before 4.10.0-62.0.1
fence-agents-ilo-mp: before 4.10.0-62.0.1
fence-agents-ilo-moonshot: before 4.10.0-62.0.1
fence-agents-ifmib: before 4.10.0-62.0.1
fence-agents-ibmblade: before 4.10.0-62.0.1
fence-agents-ibm-vpc: before 4.10.0-62.0.1
fence-agents-ibm-powervs: before 4.10.0-62.0.1
fence-agents-hpblade: before 4.10.0-62.0.1
fence-agents-heuristics-ping: before 4.10.0-62.0.1
fence-agents-eps: before 4.10.0-62.0.1
fence-agents-emerson: before 4.10.0-62.0.1
fence-agents-eaton-snmp: before 4.10.0-62.0.1
fence-agents-drac5: before 4.10.0-62.0.1
fence-agents-common: before 4.10.0-62.0.1
fence-agents-cisco-ucs: before 4.10.0-62.0.1
fence-agents-cisco-mds: before 4.10.0-62.0.1
fence-agents-brocade: before 4.10.0-62.0.1
fence-agents-bladecenter: before 4.10.0-62.0.1
fence-agents-apc-snmp: before 4.10.0-62.0.1
fence-agents-apc: before 4.10.0-62.0.1
fence-agents-amt-ws: before 4.10.0-62.0.1
ha-cloud-support: before 4.10.0-62.0.1
fence-virtd-tcp: before 4.10.0-62.0.1
fence-virtd-serial: before 4.10.0-62.0.1
fence-virtd-multicast: before 4.10.0-62.0.1
fence-virtd-libvirt: before 4.10.0-62.0.1
fence-virtd-cpg: before 4.10.0-62.0.1
fence-virtd: before 4.10.0-62.0.1
fence-virt: before 4.10.0-62.0.1
fence-agents-gce: before 4.10.0-62.0.1
fence-agents-azure-arm: before 4.10.0-62.0.1
fence-agents-aws: before 4.10.0-62.0.1
fence-agents-aliyun: before 4.10.0-62.0.1
fence-agents-redfish: before 4.10.0-62.0.1
fence-agents-kubevirt: before 4.10.0-62.0.1
fence-agents-kdump: before 4.10.0-62.0.1
fence-agents-all: before 4.10.0-62.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0899
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU89677
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-34064
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
Description
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the "xmlattr" filter. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
fence-agents-wti: before 4.10.0-62.0.1
fence-agents-vmware-soap: before 4.10.0-62.0.1
fence-agents-vmware-rest: before 4.10.0-62.0.1
fence-agents-virsh: before 4.10.0-62.0.1
fence-agents-scsi: before 4.10.0-62.0.1
fence-agents-sbd: before 4.10.0-62.0.1
fence-agents-rsb: before 4.10.0-62.0.1
fence-agents-rsa: before 4.10.0-62.0.1
fence-agents-rhevm: before 4.10.0-62.0.1
fence-agents-mpath: before 4.10.0-62.0.1
fence-agents-lpar: before 4.10.0-62.0.1
fence-agents-ipmilan: before 4.10.0-62.0.1
fence-agents-ipdu: before 4.10.0-62.0.1
fence-agents-intelmodular: before 4.10.0-62.0.1
fence-agents-ilo2: before 4.10.0-62.0.1
fence-agents-ilo-ssh: before 4.10.0-62.0.1
fence-agents-ilo-mp: before 4.10.0-62.0.1
fence-agents-ilo-moonshot: before 4.10.0-62.0.1
fence-agents-ifmib: before 4.10.0-62.0.1
fence-agents-ibmblade: before 4.10.0-62.0.1
fence-agents-ibm-vpc: before 4.10.0-62.0.1
fence-agents-ibm-powervs: before 4.10.0-62.0.1
fence-agents-hpblade: before 4.10.0-62.0.1
fence-agents-heuristics-ping: before 4.10.0-62.0.1
fence-agents-eps: before 4.10.0-62.0.1
fence-agents-emerson: before 4.10.0-62.0.1
fence-agents-eaton-snmp: before 4.10.0-62.0.1
fence-agents-drac5: before 4.10.0-62.0.1
fence-agents-common: before 4.10.0-62.0.1
fence-agents-cisco-ucs: before 4.10.0-62.0.1
fence-agents-cisco-mds: before 4.10.0-62.0.1
fence-agents-brocade: before 4.10.0-62.0.1
fence-agents-bladecenter: before 4.10.0-62.0.1
fence-agents-apc-snmp: before 4.10.0-62.0.1
fence-agents-apc: before 4.10.0-62.0.1
fence-agents-amt-ws: before 4.10.0-62.0.1
ha-cloud-support: before 4.10.0-62.0.1
fence-virtd-tcp: before 4.10.0-62.0.1
fence-virtd-serial: before 4.10.0-62.0.1
fence-virtd-multicast: before 4.10.0-62.0.1
fence-virtd-libvirt: before 4.10.0-62.0.1
fence-virtd-cpg: before 4.10.0-62.0.1
fence-virtd: before 4.10.0-62.0.1
fence-virt: before 4.10.0-62.0.1
fence-agents-gce: before 4.10.0-62.0.1
fence-agents-azure-arm: before 4.10.0-62.0.1
fence-agents-aws: before 4.10.0-62.0.1
fence-agents-aliyun: before 4.10.0-62.0.1
fence-agents-redfish: before 4.10.0-62.0.1
fence-agents-kubevirt: before 4.10.0-62.0.1
fence-agents-kdump: before 4.10.0-62.0.1
fence-agents-all: before 4.10.0-62.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0899
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU92262
Risk: Low
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-37891
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the Proxy-Authorization header is not stripped during cross-origin redirects when using urllib3's proxy support with ProxyManager. A remote attacker can obtain proxy credentials used by the library.
Mitigation
Install updates from vendor's repository.
Vulnerable software versions
Anolis OS: 8
fence-agents-wti: before 4.10.0-62.0.1
fence-agents-vmware-soap: before 4.10.0-62.0.1
fence-agents-vmware-rest: before 4.10.0-62.0.1
fence-agents-virsh: before 4.10.0-62.0.1
fence-agents-scsi: before 4.10.0-62.0.1
fence-agents-sbd: before 4.10.0-62.0.1
fence-agents-rsb: before 4.10.0-62.0.1
fence-agents-rsa: before 4.10.0-62.0.1
fence-agents-rhevm: before 4.10.0-62.0.1
fence-agents-mpath: before 4.10.0-62.0.1
fence-agents-lpar: before 4.10.0-62.0.1
fence-agents-ipmilan: before 4.10.0-62.0.1
fence-agents-ipdu: before 4.10.0-62.0.1
fence-agents-intelmodular: before 4.10.0-62.0.1
fence-agents-ilo2: before 4.10.0-62.0.1
fence-agents-ilo-ssh: before 4.10.0-62.0.1
fence-agents-ilo-mp: before 4.10.0-62.0.1
fence-agents-ilo-moonshot: before 4.10.0-62.0.1
fence-agents-ifmib: before 4.10.0-62.0.1
fence-agents-ibmblade: before 4.10.0-62.0.1
fence-agents-ibm-vpc: before 4.10.0-62.0.1
fence-agents-ibm-powervs: before 4.10.0-62.0.1
fence-agents-hpblade: before 4.10.0-62.0.1
fence-agents-heuristics-ping: before 4.10.0-62.0.1
fence-agents-eps: before 4.10.0-62.0.1
fence-agents-emerson: before 4.10.0-62.0.1
fence-agents-eaton-snmp: before 4.10.0-62.0.1
fence-agents-drac5: before 4.10.0-62.0.1
fence-agents-common: before 4.10.0-62.0.1
fence-agents-cisco-ucs: before 4.10.0-62.0.1
fence-agents-cisco-mds: before 4.10.0-62.0.1
fence-agents-brocade: before 4.10.0-62.0.1
fence-agents-bladecenter: before 4.10.0-62.0.1
fence-agents-apc-snmp: before 4.10.0-62.0.1
fence-agents-apc: before 4.10.0-62.0.1
fence-agents-amt-ws: before 4.10.0-62.0.1
ha-cloud-support: before 4.10.0-62.0.1
fence-virtd-tcp: before 4.10.0-62.0.1
fence-virtd-serial: before 4.10.0-62.0.1
fence-virtd-multicast: before 4.10.0-62.0.1
fence-virtd-libvirt: before 4.10.0-62.0.1
fence-virtd-cpg: before 4.10.0-62.0.1
fence-virtd: before 4.10.0-62.0.1
fence-virt: before 4.10.0-62.0.1
fence-agents-gce: before 4.10.0-62.0.1
fence-agents-azure-arm: before 4.10.0-62.0.1
fence-agents-aws: before 4.10.0-62.0.1
fence-agents-aliyun: before 4.10.0-62.0.1
fence-agents-redfish: before 4.10.0-62.0.1
fence-agents-kubevirt: before 4.10.0-62.0.1
fence-agents-kdump: before 4.10.0-62.0.1
fence-agents-all: before 4.10.0-62.0.1
https://anas.openanolis.cn/errata/detail/ANSA-2024:0899
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
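The three urllib3 entries in this bulletin (CVE-2023-43804, CVE-2023-45803 and CVE-2024-37891) all concern what a client carries across a redirect. The following is an added example, not urllib3's code and not part of the vendor bulletin: a standard-library Python model of the corrected behaviour, useful as a reference when reviewing or testing redirect handling. The function names, header sets, method-rewrite rule and sample values are assumptions made for illustration.

```python
from urllib.parse import urljoin, urlsplit

# Assumption: credentials that must not follow a request to another origin.
STRIP_CROSS_ORIGIN = frozenset({"cookie", "authorization", "proxy-authorization"})
# Assumption: headers that describe a body and go when the body is dropped.
STRIP_WITH_BODY = frozenset(
    {"content-length", "content-type", "content-encoding", "transfer-encoding"}
)
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url):
    """Return (scheme, host, port), with the scheme's default port filled in."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    return scheme, host, parts.port or DEFAULT_PORTS.get(scheme)


def follow_redirect(method, url, headers, body, status, location):
    """Build the follow-up request for a redirect response.

    Returns (method, target_url, headers, body) with the request body removed
    when the method is rewritten to GET, and credential headers removed when
    the target is a different origin.
    """
    target = urljoin(url, location)  # Location may be relative
    method = method.upper()
    drop = set()

    # Assumed rewrite rule: 303 turns everything except HEAD into GET,
    # 301/302 turn POST into GET. A GET must not carry the old body.
    rewritten = (status == 303 and method != "HEAD") or (
        status in (301, 302) and method == "POST"
    )
    if rewritten:
        method, body = "GET", None
        drop |= STRIP_WITH_BODY

    # A change of scheme, host or port is a change of origin.
    if origin(target) != origin(url):
        drop |= STRIP_CROSS_ORIGIN

    # Header names are case-insensitive, so compare in lower case.
    kept = {k: v for k, v in headers.items() if k.lower() not in drop}
    return method, target, kept, body


# Constructed sample request (not taken from any real system).
SAMPLE_URL = "https://app.example.test/login"
SAMPLE_BODY = b"user=alice&pw=secret"
SAMPLE_HEADERS = {
    "Accept": "*/*",
    "Cookie": "session=constructed",
    "Proxy-Authorization": "Basic Y29uc3RydWN0ZWQ=",
    "Content-Type": "application/x-www-form-urlencoded",
    "Content-Length": str(len(SAMPLE_BODY)),
}

if __name__ == "__main__":
    cases = [
        (302, "https://cdn.example.net/landing"),   # cross-origin, POST -> GET
        (307, "/v2/login"),                         # same origin, method kept
        (302, "https://app.example.test:8443/a"),   # same host, other port
    ]
    for status, location in cases:
        result = follow_redirect(
            "POST", SAMPLE_URL, SAMPLE_HEADERS, SAMPLE_BODY, status, location
        )
        print(status, location, "->", result)
```

Running the same cases against an HTTP client in a test environment and comparing what the second request actually contains is a direct way to confirm that the patched packages are in effect.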