Main Vulnerability Database SB2021120346

SB2021120346 - SUSE update for Security Beta update for SUMA client tools

Published: December 3, 2021

Security Bulletin ID SB2021120346

Severity

Medium

Patch available

YES

Number of vulnerabilities 6

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 6 secuirty vulnerabilities.

1) Exposure of Resource to Wrong Sphere (CVE-ID: CVE-2021-21996)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to the way Salt download URL. A local user with control over the file source URL and its source_hash URL can gain full file system access as root on a salt minion.

2) Improper Privilege Management (CVE-ID: CVE-2021-27962)

The vulnerability allows a remote attacker to escalate privileges within the application.

The vulnerability exists due to improper privilege management. A remote user with Editor privileges can bypass data source permissions on the organization's default data source.

3) Improper access control (CVE-ID: CVE-2021-28146)

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions. A remote user can bypass implemented security restrictions and add external groups to existing teams.

4) Improper access control (CVE-ID: CVE-2021-28147)

The vulnerability allows a remote user to gain unauthorized access to otherwise restricted functionality.

The vulnerability exists due to improper access restrictions, when editorsCanAdmin feature is enabled. A remote user can bypass implemented security restrictions and add external group members to existing teams.

5) Improper control of interaction frequency (CVE-ID: CVE-2021-28148)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to absent control of interaction frequency within the HTTP API endpoint for insights usage. A remote non-authenticated attacker send multiple HTTP requests and perform a denial of service (DoS) attack.

6) Open redirect (CVE-ID: CVE-2021-29622)

The vulnerability allows a remote attacker to redirect victims to arbitrary URL.

The vulnerability exists due to improper sanitization of user-supplied data. A remote attacker can create a link that leads to a trusted website, however, when clicked, redirects the victim to arbitrary domain.

Successful exploitation of this vulnerability may allow a remote attacker to perform a phishing attack and steal potentially sensitive information.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2021/suse-su-20213908-1/

Vulnerable Software

zypp-plugin-spacewalk: before 1.0.10-6.15.1
suseRegisterInfo: before 4.3.1-6.15.2
supportutils-plugin-susemanager-client: before 4.3.1-6.12.2
spacewalk-remote-utils: before 4.3.1-6.9.2
spacewalk-oscap: before 4.3.1-6.9.2
spacewalk-koan: before 4.3.1-6.9.2
spacewalk-client-tools: before 4.3.4-6.33.3
spacewalk-client-setup: before 4.3.4-6.33.3
spacewalk-check: before 4.3.4-6.33.3
spacecmd: before 4.3.4-6.27.1
salt-zsh-completion: before 3003.3-8.44.1
salt-fish-completion: before 3003.3-8.44.1
salt-bash-completion: before 3003.3-8.44.1
python3-zypp-plugin-spacewalk: before 1.0.10-6.15.1
python3-suseRegisterInfo: before 4.3.1-6.15.2
python3-spacewalk-oscap: before 4.3.1-6.9.2
python3-spacewalk-koan: before 4.3.1-6.9.2
python3-spacewalk-client-tools: before 4.3.4-6.33.3
python3-spacewalk-client-setup: before 4.3.4-6.33.3
python3-spacewalk-check: before 4.3.4-6.33.3
python3-rhnlib: before 4.3.1-6.18.2
python3-mgr-virtualization-host: before 4.3.1-4.9.3
python3-mgr-virtualization-common: before 4.3.1-4.9.3
python3-mgr-push: before 4.3.1-4.9.3
python3-mgr-osad: before 4.3.2-4.18.2
python3-mgr-osa-common: before 4.3.2-4.18.2
python3-mgr-cfg-management: before 4.3.2-4.15.1
python3-mgr-cfg-client: before 4.3.2-4.15.1
python3-mgr-cfg-actions: before 4.3.2-4.15.1
python3-mgr-cfg: before 4.3.2-4.15.1
python3-jabberpy: before 0.5-5.5.1
python3-hwdata: before 2.3.5-5.7.1
python3-contextvars: before 2.4-3.3.1
mgr-virtualization-host: before 4.3.1-4.9.3
mgr-push: before 4.3.1-4.9.3
mgr-daemon: before 4.3.2-4.15.2
koan: before 3.0.1-7.12.1
hwdata: before 0.334-6.5.1
salt-standalone-formulas-configuration: before 3003.3-8.44.1
salt-ssh: before 3003.3-8.44.1
salt-proxy: before 3003.3-8.44.1
salt-minion: before 3003.3-8.44.1
salt-master: before 3003.3-8.44.1
salt-doc: before 3003.3-8.44.1
salt-cloud: before 3003.3-8.44.1
salt: before 3003.3-8.44.1
python3-uyuni-common-libs: before 4.3.1-3.21.2
python3-salt: before 3003.3-8.44.1
python3-immutables-debuginfo: before 0.11-3.3.1
python3-immutables: before 0.11-3.3.1
python-immutables-debugsource: before 0.11-3.3.1
prometheus-blackbox_exporter-debuginfo: before 0.19.0-3.3.2
prometheus-blackbox_exporter: before 0.19.0-3.3.2
grafana: before 7.5.7-4.15.3
golang-github-prometheus-prometheus: before 2.27.1-6.21.2
system-user-prometheus: before 1.0.0-3.5.1
system-user-grafana: before 1.0.0-3.5.1
mgr-osad: before 4.3.2-4.18.2
mgr-custom-info: before 4.3.2-4.9.1
mgr-cfg-management: before 4.3.2-4.15.1
mgr-cfg-client: before 4.3.2-4.15.1
mgr-cfg-actions: before 4.3.2-4.15.1
mgr-cfg: before 4.3.2-4.15.1