jQuery < 1.9.0 XSS Vulnerability located in Snap/chromium folder

This support forum board is for support questions relating to Nagios XI, our flagship commercial network monitoring solution.
LJMangha
Posts: 14
Joined: Mon Jan 10, 2022 1:04 pm

jQuery < 1.9.0 XSS Vulnerability located in Snap/chromium folder

Post by LJMangha »

Greetings,

We have just been advised by our security team after a vulnerability scan that our Nagios XI server has a jQuery < 1.9.0 XSS Vulnerability.
The file is located here and within a snap that can't be renamed or deleted:
/snap/chromium/3002/tests/data/HTML5test/scripts/jquery/jquery-1.7.2.min.js

After researching I found nothing on the web that mentions this or a way to update or remove the older jQuery file.
It's also located in this directory:
/snap/chromium/3010/tests/data/HTML5test/scripts/jquery/jquery-1.7.2.min.js

It appears as though this has been placed on the server after the last two upgrades maybe? Time stamps are 11/27/2024 and the 3010 folder 12/16/2024 when I did the last upgrade of Nagios XI on version 2024R1.3.2 (latest version of XI).

Please advise us on a way to remediate this or remove this file. Let me know if you have any questions.

Thank you!
LJMangha
Posts: 14
Joined: Mon Jan 10, 2022 1:04 pm

Re: jQuery < 1.9.0 XSS Vulnerability located in Snap/chromium folder

Post by LJMangha »

Notes on this issue:
The version of chromium that is installed on our Nagios XI system is version 131.0.6778.139
Latest version available on snapcraft.io is 131.0.6778.264 (maybe that version has an updated version of jQuery on it)

Can someone confirm that Nagios XI is installing the Snap Chromium package as of November 2024 perhaps?
cnorell
Developer
Posts: 141
Joined: Mon Nov 27, 2017 3:08 pm

Re: jQuery < 1.9.0 XSS Vulnerability located in Snap/chromium folder

Post by cnorell »

LJMangha,

I'm not sure this file is directly related to Nagios XI. A couple questions for you:

What distribution/version are you on?
Are you running anything else on this server?

Best Regards,

Cory Norell
As of May 25th, 2018, all communications with Nagios Enterprises and its employees are covered under our new Privacy Policy.
cnorell
Developer
Posts: 141
Joined: Mon Nov 27, 2017 3:08 pm

Re: jQuery < 1.9.0 XSS Vulnerability located in Snap/chromium folder

Post by cnorell »

As a follow up, I have chromium-131.0.6778.204 installed on my system. I do not have the file you mentioned anywhere on the filesystem.
LJMangha
Posts: 14
Joined: Mon Jan 10, 2022 1:04 pm

Re: jQuery < 1.9.0 XSS Vulnerability located in Snap/chromium folder

Post by LJMangha »

Hello Cory,

Thanks for the reply!
The version of Nagios XI is 2024R1.3.2 (latest version of XI)
The only thing we use it for is Nagios XI on Ubuntu Server 20.04.6 LTS with Pro support enabled for extended updates.

This is the only server that has the vulnerability for the snap/chromium jQuery file out of our 50 Ubuntu servers, and the only one running Nagios XI.

Hope that helps, let me know if you need additional information.
LJMangha
Posts: 14
Joined: Mon Jan 10, 2022 1:04 pm

Re: jQuery < 1.9.0 XSS Vulnerability located in Snap/chromium folder

Post by LJMangha »

If Nagios XI has nothing to do with the SNAP/Chromium directory I can try and update it with a snap refresh chromium command, but I didn't want to break anything on the Nagios XI side of things. The reason I attributed this package to Nagios XI is that the time stamp on the snap folder is the same time I upgraded Nagios XI.
I do have a snapshot and backups of the server so I can always revert.
LJMangha
Posts: 14
Joined: Mon Jan 10, 2022 1:04 pm

Re: jQuery < 1.9.0 XSS Vulnerability located in Snap/chromium folder

Post by LJMangha »

I did the refresh for chromium and it's now at version: .264
chromium 131.0.6778.264 from Canonical✓ refreshed

But the jQuery file is still in the directory.
see attached pic

Does Nagios XI use the SNAP/Chromium directory?
If not, I'll try and figure out how to remove it: sudo snap remove --purge chromium
LJMangha
Posts: 14
Joined: Mon Jan 10, 2022 1:04 pm

Re: jQuery < 1.9.0 XSS Vulnerability located in Snap/chromium folder

Post by LJMangha »

Cory,
Thanks for the help or letting me know that Nagios XI doesn't use the SNAP/Chromium package. I did a sudo snap remove --purge chromium; Nagios XI seems to be working as normal.

I submitted a bug report to Ubuntu Chromium-browser package on this issue. Thanks for your time.
DoubleDoubleA
Posts: 272
Joined: Thu Feb 09, 2017 5:07 pm

Re: jQuery < 1.9.0 XSS Vulnerability located in Snap/chromium folder

Post by DoubleDoubleA »

Hi @LJMangha,

To clarify, XI does use chromium, specifically for printing reporting to pdf.

I believe Cory was saying he didn't see jquery with his chromium.

If you don't print reports to pdf you may not miss chromium. As I look at the paths you posted, there are /test and /HTML5test so perhaps the jquery gets used in those tests.

If it turns out you do want chromium for pdfs and you reinstall chromium and you still see jquery, you should be fine to simply delete the offending file itself, and not chromium entirely.

Aaron
LJMangha
Posts: 14
Joined: Mon Jan 10, 2022 1:04 pm

Re: jQuery < 1.9.0 XSS Vulnerability located in Snap/chromium folder

Post by LJMangha »

Greetings Aaron,

Thanks for the update on Nagios XI and chromium. Yes, we don't print pdf reports through the Nagios XI dashboard. The problem was that within the chromium snap directory all files are on a read-only file system and it's not possible to modify any files in that directory; I couldn't delete, rename or anything. I read where you can mount files within a snap and edit them, but they would be the same name once replaced from what I read, which wouldn't do any good when the security scanner scanned the file since it has the same file name. I did uninstall the chromium snap since it had the older vulnerable jQuery file in that directory, and the scan came back clean from our security scanner. Thank you again for your explanation and helping me understand how all that works with Nagios XI. Have a great Friday!

Removed:
sudo snap remove --purge chromium
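The thread above boils down to three questions an administrator has to answer before acting on a scanner finding like this one: what jQuery version the flagged file actually declares (and whether it is below 1.9.0), whether the file sits on a read-only snap (squashfs) mount where deleting or renaming it is impossible and only a snap refresh or removal changes anything, and whether the path is a test fixture that no web server is serving. The script below is an added example written for this page; it is not code from the forum posters, from Nagios XI, or from the chromium snap. The mount table is passed in as text so the functions can be exercised offline against a constructed sample; on a real host you would pass the contents of /proc/mounts. The banner text, device names and snap revision in the sample are constructed, and the `is_test_path` directory-name check is a heuristic assumed for illustration.

```shell
#!/bin/sh
# Added example: triage a jQuery file reported by a vulnerability scanner.
# Not part of the Nagios forum thread or of Nagios XI. Answers, per path:
#   1. the jQuery version declared in the file's banner and whether it is < 1.9.0
#   2. whether the path is on a read-only mount (snap squashfs), so in-place
#      deletion or editing cannot work and only snap refresh/remove helps
#   3. whether the path looks like a test fixture (.../tests/..., .../HTML5test/...)

# Constructed sample banner in the format jQuery ships at the top of its files.
SAMPLE_BANNER_172='/*! jQuery v1.7.2 jquery.com | jquery.org/license */'

# Constructed excerpt of /proc/mounts: "device mountpoint fstype options dump pass".
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/var/lib/snapd/snaps/chromium_3010.snap /snap/chromium/3010 squashfs ro,nodev,relatime 0 0'

# Print the version from the first banner line that mentions jQuery, e.g. "1.7.2".
jquery_version() {
    sed -n 's/.*jQuery.*v\([0-9][0-9.]*\).*/\1/p' "$1" | head -n 1 | sed 's/\.*$//'
}

# Return 0 when dotted version $1 is strictly lower than $2 (numeric, field by field).
version_lt() {
    v1=$1; v2=$2
    while [ -n "$v1" ] || [ -n "$v2" ]; do
        p1=${v1%%.*}; p2=${v2%%.*}
        [ "${p1:-0}" -lt "${p2:-0}" ] && return 0
        [ "${p1:-0}" -gt "${p2:-0}" ] && return 1
        case $v1 in *.*) v1=${v1#*.} ;; *) v1= ;; esac
        case $v2 in *.*) v2=${v2#*.} ;; *) v2= ;; esac
    done
    return 1
}

# Print "fstype options" of the longest mount point that contains path $1,
# looked up in the mount-table text $2 (on a real host: "$(cat /proc/mounts)").
mount_of() {
    path=$1
    printf '%s\n' "$2" | while read -r _dev mnt fstype opts _rest; do
        case "$path/" in "${mnt%/}/"*) printf '%s %s %s\n' "${#mnt}" "$fstype" "$opts" ;; esac
    done | sort -n | tail -n 1 | cut -d' ' -f2-
}

# Return 0 when the mount holding $1 carries the "ro" option.
is_readonly_mount() {
    info=$(mount_of "$1" "$2")
    opts=${info#* }
    case ",$opts," in *,ro,*) return 0 ;; esac
    return 1
}

# Heuristic (assumed for this example): a path under a test directory is a fixture.
is_test_path() {
    case "$1" in */test/*|*/tests/*|*test/*) return 0 ;; esac
    return 1
}

# Print one summary line for file $1 using mount table $2.
triage() {
    file=$1; mounts=$2
    ver=$(jquery_version "$file") || true
    if [ -z "$ver" ]; then
        printf '%s: no jQuery banner found\n' "$file"
        return 2
    fi
    vuln=no; version_lt "$ver" 1.9.0 && vuln=yes
    ro=no;   is_readonly_mount "$file" "$mounts" && ro=yes
    tp=no;   is_test_path "$file" && tp=yes
    printf '%s jquery=%s below_1.9.0=%s readonly_mount=%s test_fixture=%s\n' \
        "$file" "$ver" "$vuln" "$ro" "$tp"
}

# Demo: a constructed copy of the 1.7.2 banner under a tests/ path inside a
# temporary directory that a constructed mount table presents as a ro squashfs mount.
main() {
    d=$(mktemp -d)
    f="$d/tests/data/HTML5test/scripts/jquery/jquery-1.7.2.min.js"
    mkdir -p "$(dirname "$f")"
    printf '%s\n' "$SAMPLE_BANNER_172" > "$f"
    mounts="/dev/sda1 / ext4 rw,relatime 0 0
/var/lib/snapd/snaps/chromium_3010.snap $d squashfs ro,nodev,relatime 0 0"
    triage "$f" "$mounts"
    rm -rf "$d"
}

case ${1:-} in --demo) main ;; esac
```

Run it as `sh triage.sh --demo` to see the constructed case, or source it and call `triage /path/to/jquery.min.js "$(cat /proc/mounts)"` against a real finding. A line reading `below_1.9.0=yes readonly_mount=yes test_fixture=yes` is exactly the situation in the thread: the file is genuinely old, it cannot be removed in place, and it is a test fixture that the application never serves, so the remediation is to refresh or remove the snap that ships it rather than to edit the file.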