A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers to perform arbitrary actions on behalf of victims at client side.

The version of GitLab installed on the remote host is affected by a vulnerability, as follows:

  - A cross-site scripting issue has been discovered in GitLab CE/EE affecting all versions before 15.0.5,     15.1 prior to 15.1.4, and 15.2 prior to 15.2.1. A stored XSS flaw in job error messages allows attackers     to perform arbitrary actions on behalf of victims at client side. (CVE-2022-2500)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 4c26f668-0fd2-11ed-a83d-001b217b3468 advisory.

  - Gitlab reports: Revoke access to confidential notes todos Pipeline subscriptions trigger new pipelines     with the wrong author Ability to gain access to private project through an email invite by using other     user's email address as an unverified secondary email Import via git protocol allows to bypass checks on     repository Unauthenticated IP allowlist bypass when accessing job artifacts through GitLab Pages     Maintainer can leak Packagist and other integration access tokens by changing integration URL     Unauthenticated access to victims Grafana datasources through path traversal Unauthorized users can filter     issues by contact and organization Malicious Maintainer may change the visibility of project or a group     Stored XSS in job error messages Enforced group MFA can be bypassed when using Resource Owner Password     Credentials grant Non project members can view public project's Deploy Keys IDOR in project with Jira     integration leaks project owner's other projects Jira issues Group Bot Users and Tokens not deleted after     group deletion Email invited members can join projects even after the member lock has been enabled Datadog     integration returns user emails (CVE-2022-2095, CVE-2022-2303, CVE-2022-2307, CVE-2022-2326,     CVE-2022-2417, CVE-2022-2456, CVE-2022-2459, CVE-2022-2497, CVE-2022-2498, CVE-2022-2499, CVE-2022-2500,     CVE-2022-2501, CVE-2022-2512, CVE-2022-2531, CVE-2022-2534, CVE-2022-2539)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
163760	GitLab 0.0 < 15.0.5 / 15.1 < 15.1.4 / 15.2 < 15.2.1 (CVE-2022-2500)	Nessus	CGI abuses	medium
163649	FreeBSD : Gitlab -- multiple vulnerabilities (4c26f668-0fd2-11ed-a83d-001b217b3468)	Nessus	FreeBSD Local Security Checks	high

Detections

Analytics

CVE-2022-2500

medium

Tenable Plugins

medium

high