Main Vulnerability Database SB2023062231

SB2023062231 - SUSE update for SUSE Manager Client Tools

Published: June 22, 2023

Security Bulletin ID SB2023062231

Severity

High

Patch available

YES

Number of vulnerabilities 15

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 15 secuirty vulnerabilities.

1) Incorrect Regular Expression (CVE-ID: CVE-2020-7753)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient input validation when processing regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.

2) Input validation error (CVE-ID: CVE-2021-3807)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input when matching crafted invalid ANSI escape codes in ansi-regex. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

3) Code Injection (CVE-ID: CVE-2021-3918)

The disclosed vulnerability allows a remote attacker to execute arbitrary code on the system.

The vulnerability exists due to insufficient sanitization of user-supplied data during the validation of a JSON object. A remote attacker can pass a specially crafted JSON file for validation and execute arbitrary code.

4) Prototype pollution (CVE-ID: CVE-2021-43138)

The vulnerability allows a remote attacker to escalate privileges within the application.

The vulnerability exists due to improper input validation when handling data passed via the mapValues() method. A remote attacker can send a specially crafted request and escalate privileges within the application.

5) Information disclosure (CVE-ID: CVE-2022-0155)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application. A remote attacker can gain unauthorized access to sensitive information on the system.

6) Input validation error (CVE-ID: CVE-2022-27664)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to an HTTP/2 connection can hang during closing if shutdown were preempted by a fatal error. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.

7) Stored cross-site scripting (CVE-ID: CVE-2022-31097)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data. A remote user can inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.

8) Improper Authentication (CVE-ID: CVE-2022-31107)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to an error in OAuth implementation routine. A remote attacker can bypass authentication process and login under arbitrary account.

9) Resource exhaustion (CVE-ID: CVE-2022-32149)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to ParseAcceptLanguage does not properly control consumption of internal resources. A remote attacker can send a specially crafted Accept-Language header that will take a significant time to parse and perform a denial of service (DoS) attack.

10) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2022-35957)

The vulnerability allows a remote user to escalate privileges within the application.

The vulnerability exists due to the way Grafana handles authorization process when Auth proxy authentication is used. A remote user with admin privileges can authenticate as Server Admin by providing the username (or email) in a X-WEBAUTH-USER HTTP header.

11) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2022-36062)

The vulnerability allows a remote user to escalate privileges on the system.

The vulnerability exists due to application does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.

12) Resource exhaustion (CVE-ID: CVE-2022-41715)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources in regexp/syntax when handling regular expressions. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

13) Use of Password Hash Instead of Password for Authentication (CVE-ID: CVE-2022-46146)

The vulnerability allows a remote attacker to bypass authentication process.

The vulnerability exists due to incorrect implementation of basic authentication. A remote attacker with knowledge of the password hash can authenticate against Prometheus without actual knowledge of the password.

14) Information disclosure (CVE-ID: CVE-2023-1387)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to application allows users to login with a JWT token passed in the URL query parameter auth_token. A remote attacker can intercept the query and gain unauthorized access to the application.

15) Stored cross-site scripting (CVE-ID: CVE-2023-1410)

The disclosed vulnerability allows a remote user to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in the Graphite FunctionDescription tooltip. A remote user can permanently inject and execute arbitrary HTML and script code in user's browser in context of vulnerable website.

Remediation

Install update from vendor's website.

References

https://www.suse.com/support/update/announcement/2023/suse-su-20232578-1/

Vulnerable Software

SUSE Manager Proxy Module: 4.2 - 4.3
SUSE Manager Client Tools for SLE Micro: 5
SUSE Manager Client Tools for SLE: 15
SUSE Linux Enterprise Server for SAP Applications 15: SP1 - SP5
SUSE Linux Enterprise Server 15: SP1 - SP5
SUSE Linux Enterprise Real Time 15: SP1 - SP5
SUSE Linux Enterprise High Performance Computing 15: SP1 - SP5
SUSE Linux Enterprise Desktop 15: SP1 - SP5
SUSE Linux Enterprise Desktop: 15-SP1
SUSE Linux Enterprise Micro: 5.0 - 5.4
SUSE Linux Enterprise Server 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise Server 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS: 15-SP2
SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS: 15-SP1
SUSE Linux Enterprise Server: 15-SP3-LTSS
SUSE Linux Enterprise High Performance Computing: 15-SP3-LTSS
openSUSE Leap: 15.4 - 15.5
SUSE Enterprise Storage: 7.1
SUSE Manager Retail Branch Server: 4.2 - 4.3
SUSE Manager Proxy: 4.2 - 4.3
SUSE Linux Enterprise Server for SAP Applications: 15
SUSE CaaS Platform: 4.0
bind-doc: before 9.16.6-150000.12.65.1
libisccc1600-debuginfo: before 9.16.6-150000.12.65.1
libisccfg1600-debuginfo: before 9.16.6-150000.12.65.1
libirs-devel: before 9.16.6-150000.12.65.1
bind-chrootenv: before 9.16.6-150000.12.65.1
bind-debugsource: before 9.16.6-150000.12.65.1
libirs1601-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-debuginfo: before 9.16.6-150000.12.65.1
libns1604-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-debuginfo: before 9.16.6-150000.12.65.1
bind-devel: before 9.16.6-150000.12.65.1
bind: before 9.16.6-150000.12.65.1
bind-utils-debuginfo: before 9.16.6-150000.12.65.1
bind-debuginfo: before 9.16.6-150000.12.65.1
libns1604: before 9.16.6-150000.12.65.1
libisc1606-64bit: before 9.16.6-150000.12.65.1
libisccfg1600-64bit: before 9.16.6-150000.12.65.1
libirs1601-64bit: before 9.16.6-150000.12.65.1
libbind9-1600-64bit: before 9.16.6-150000.12.65.1
libdns1605-64bit: before 9.16.6-150000.12.65.1
libisccc1600-64bit: before 9.16.6-150000.12.65.1
python3-bind: before 9.16.6-150000.12.65.1
libisc1606: before 9.16.6-150000.12.65.1
libisccc1600: before 9.16.6-150000.12.65.1
libbind9-1600: before 9.16.6-150000.12.65.1
libisccfg1600: before 9.16.6-150000.12.65.1
bind-utils: before 9.16.6-150000.12.65.1
libdns1605: before 9.16.6-150000.12.65.1
libirs1601: before 9.16.6-150000.12.65.1
grafana-debuginfo: before 9.5.1-150000.1.48.5
python3-uyuni-common-libs: before 4.3.8-150000.1.33.1
grafana: before 9.5.1-150000.1.48.5
zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
mgr-daemon: before 4.3.7-150000.1.41.1
python3-zypp-plugin-spacewalk: before 1.0.14-150000.3.35.1
wire-debuginfo: before 0.5.0-150000.1.12.3
wire: before 0.5.0-150000.1.12.3
spacecmd: before 4.3.21-150000.3.98.1
dracut-saltboot: before 0.1.1681904360.84ef141-150000.1.50.1
bind-devel-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit-debuginfo: before 9.16.6-150000.12.65.1
libns1604-32bit-debuginfo: before 9.16.6-150000.12.65.1
libdns1605-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit: before 9.16.6-150000.12.65.1
libbind9-1600-32bit: before 9.16.6-150000.12.65.1
libisccc1600-32bit: before 9.16.6-150000.12.65.1
libirs1601-32bit: before 9.16.6-150000.12.65.1
libisc1606-32bit-debuginfo: before 9.16.6-150000.12.65.1
libbind9-1600-32bit-debuginfo: before 9.16.6-150000.12.65.1
libisc1606-32bit: before 9.16.6-150000.12.65.1
libisccfg1600-32bit-debuginfo: before 9.16.6-150000.12.65.1