Tenable scan plugin id -155999 156327

Hello Team,

We have two minions running on two ec2 instances. In our organization we use tenable to scan all nodes for security vulnerabilities. So recently tenable has reported a vulnerability with synthetic minion jar files. I’m adding the tenable scan output regarding to minions.

Can you please help me on how to remediate the below vulnerabilities.

• If you see Plugin Output, it displays a path location with synthetics-minion.jar file location and also show which version of that jar and shows which version of jar we need to update to fix the issue. I’m not sure on how to update it. Can you please help me with it?( https://www.tenable.com/plugins/nessus/155999, https://www.tenable.com/plugins/nessus/156327)
• I was planning to do a workaround like doing a ssh into that host and cd into that Path location and delete the synthetic-minion.jar will that fix my issue or this is not a proper solution? Please let me know.
• Can you explain why NewRelic synthetic minion nodes are reporting this two vulnerabilities.
https://www.tenable.com/plugins/nessus/12217
https://www.tenable.com/plugins/nessus/35450

Plugin Plugin Name Family Severity IP Address Port DNS Name NetBIOS Name Plugin Output First Discovered Last Observed Days Elapsed Notes
155999 Apache Log4j < 2.15.0 Remote Code Execution (Nix) Misc. High 100.65.16.120 0 ip-100-65-16-120.ec2.internal Plugin Output:
Path : /var/lib/docker/overlay2/223701f794aa5aa3f0c0d91b83580078f742a593b448f84da10ec730512cfa81/diff/opt/newrelic/synthetics/synthetics-minion.jar
Installed version : 2.12.1
Fixed version : 2.12.3 Jan 14, 2022 14:35:41 EST Jan 19, 2022 14:34:57 EST 6 DevOps
155999 Apache Log4j < 2.15.0 Remote Code Execution (Nix) Misc. High 100.65.16.184 0 ip-100-65-16-184.ec2.internal Plugin Output:
Path : /var/lib/docker/overlay2/b473fec22eb6eee90916e0426f0e82fd434a23bfef9f255d3d436decebee08ae/diff/opt/newrelic/synthetics/synthetics-minion.jar
Installed version : 2.12.1
Fixed version : 2.12.3 Jan 14, 2022 14:35:41 EST Jan 19, 2022 14:34:57 EST 6 DevOps
156327 Apache Log4j 2.0 < 2.3.2 / 2.4 < 2.12.4 / 2.13 < 2.17.1 RCE Misc. Medium 100.65.16.120 0 ip-100-65-16-120.ec2.internal Plugin Output:
Path : /var/lib/docker/overlay2/c0fd65fabc696875a29175a1008411518156a95e5a0a0a1d56aba8dafae3430c/merged/opt/newrelic/synthetics/synthetics-minion.jar
Installed version : 2.17.0
Fixed version : 2.17.1

Path : /var/lib/docker/overlay2/223701f794aa5aa3f0c0d91b83580078f742a593b448f84da10ec730512cfa81/diff/opt/newrelic/synthetics/synthetics-minion.jar
Installed version : 2.12.1
Fixed version : 2.12.4

Path : /var/lib/docker/overlay2/7daced9ea378964694ce2be63014c9e9add7d230ee7e33ed7c5309ad5a5e3383/diff/opt/newrelic/synthetics/synthetics-minion.jar
Installed version : 2.17.0
Fixed version : 2.17.1 Jan 14, 2022 14:35:41 EST Jan 19, 2022 14:34:57 EST 6 DevOps

156327 Apache Log4j 2.0 < 2.3.2 / 2.4 < 2.12.4 / 2.13 < 2.17.1 RCE Misc. Medium 100.65.16.184 0 ip-100-65-16-184.ec2.internal
Path : /var/lib/docker/overlay2/b473fec22eb6eee90916e0426f0e82fd434a23bfef9f255d3d436decebee08ae/diff/opt/newrelic/synthetics/synthetics-minion.jar
Installed version : 2.12.1
Fixed version : 2.12.4

Path : /var/lib/docker/overlay2/1eef6f618d7ebf2e734d54e4d0fe18545ca7c33519558155ccebea601cdb1c1b/diff/opt/newrelic/synthetics/synthetics-minion.jar
Installed version : 2.17.0
Fixed version : 2.17.1

Path : /var/lib/docker/overlay2/42cf077911e9fd23b15d78457340550c0e171d64d0c0efa1a66d0ace1bf81e00/merged/opt/newrelic/synthetics/synthetics-minion.jar
Installed version : 2.17.0
Fixed version : 2.17.1 Jan 14, 2022 14:35:41 EST Jan 19, 2022 14:34:57 EST 6 DevOps
12217 DNS Server Cache Snooping Remote Information Disclosure DNS Medium 100.65.16.214 53 ip-100-65-16-214.ec2.internal Plugin Output:
Nessus sent a non-recursive query for example.com
and received 1 answer :

93.184.216.34 Jan 14, 2022 14:35:41 EST Jan 19, 2022 14:34:57 EST 6 DevOps
35450 DNS Server Spoofed Request Amplification DDoS DNS Medium 100.65.16.214 53 ip-100-65-16-214.ec2.internal Plugin Output:
The DNS query was 17 bytes long, the answer is 420 bytes long. Jan 14, 2022 14:35:41 EST Jan 19, 2022 14:34:57 EST 6 DevOps

Please let me know if you need more information

Thanks,
Srikanth

Hi @srikanth.sharikar hope your week has been going well so far!

Do you note if any of those vulnerabilities align with the listed vulnerabilities on the public quay.io repository here:
Quay

^ the above link does represent the latest 3.0.60 release as mentioned in the release notes:
https://docs.newrelic.com/docs/release-notes/synthetics-release-notes/containerized-private-minions-release-notes/

For instance the Log4J vulnerability CVE-2021-45105 has been addressed.
What version of the Synthetics minion are you currently running?