A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8 prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at client side.

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available.

  - A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8     prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the     title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at     client side. (CVE-2022-4007)

Note that Nessus relies on the presence of the package as reported by the vendor.

The version of GitLab installed on the remote host is affected by a vulnerability, as follows:

  - An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all     versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially     crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform     arbitrary actions on behalf of victims. (CVE-2023-0050)

  - An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions     of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were     not hidden, could be leaked from instance, group, or project settings to other users. (CVE-2022-4289)

  - An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all     versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with     SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed     malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM     token to perform actions on the group. (CVE-2022-4331)

  - An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all     versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible     for a project maintainer to extract a Datadog integration API key by modifying the site. (CVE-2023-0483)

  - A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8     prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the     title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at     client side. (CVE-2022-4007)

  - An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all     versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due to improper     permissions checks an unauthorised user was able to read, add or edit a users private snippet.
    (CVE-2022-3758)

  - An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all     versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project     members could retrieve release descriptions via the API, even if the release visibility is restricted to     project members only in the project settings. (CVE-2023-0223)

  - An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all     versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This     vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response.
    (CVE-2022-4462)

  - An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all     versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible     to trigger a resource depletion attack due to improper filtering for number of requests to read commits     details. (CVE-2023-1072)

  - An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to     15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites     (CVE-2022-3381)

  - An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting     from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may     create a Project Access Token with Owner level privileges using a crafted request. (CVE-2023-1084)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f7c5b3a9-b9fb-11ed-99c6-001b217b3468 advisory.

  - An issue has been discovered in GitLab affecting all versions starting from 10.0 to 15.7.8, 15.8 prior to     15.8.4 and 15.9 prior to 15.9.2. A crafted URL could be used to redirect users to arbitrary sites. This is     a medium severity issue (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N, 4.3). It is now mitigated in the     latest release and is assigned CVE-2022-3381. (CVE-2022-3381)

  - An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all     versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Due to improper     permissions checks an unauthorised user was able to read, add or edit a users private snippet. This is a     medium severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N, 5.4). It is now mitigated in the     latest release and is assigned CVE-2022-3758. (CVE-2022-3758)

  - A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8     prior to 15.8.4, and version 15.9 prior to 15.9.2  A cross-site scripting vulnerability was found in the     title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at     client side. This is a medium severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N, 5.4). It is     now mitigated in the latest release and is assigned CVE-2022-4007. (CVE-2022-4007)

  - An issue has been discovered in GitLab affecting all versions starting from 15.3 before 15.7.8, versions     of 15.8 before 15.8.4, and version 15.9 before 15.9.2. Google IAP details in Prometheus integration were     not hidden, could be leaked from instance, group, or project settings to other users. This is a medium     severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N, 6.4). It is now mitigated in the latest     release and is assigned CVE-2022-4289. (CVE-2022-4289)

  - An issue has been discovered in GitLab EE affecting all versions starting from 15.1 before 15.7.8, all     versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. If a group with     SAML SSO enabled is transferred to a new namespace as a child group, it's possible previously removed     malicious maintainer or owner of the child group can still gain access to the group via SSO or a SCIM     token to perform actions on the group. This is a medium severity issue     (CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:N, 5.7). It is now mitigated in the latest release and is     assigned CVE-2022-4331. (CVE-2022-4331)

  - An issue has been discovered in GitLab affecting all versions starting from 12.8 before 15.7.8, all     versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. This     vulnerability could allow a user to unmask the Discord Webhook URL through viewing the raw API response.
    This is a medium severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N, 5.0). It is now mitigated     in the latest release and is assigned CVE-2022-4462. (CVE-2022-4462)

  - An issue has been discovered in GitLab affecting all versions starting from 13.7 before 15.7.8, all     versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A specially     crafted Kroki diagram could lead to a stored XSS on the client side which allows attackers to perform     arbitrary actions on behalf of victims. This is a high severity issue     (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N, 8.7). It is now mitigated in the latest release and is     assigned CVE-2023-0050. (CVE-2023-0050)

  - An issue has been discovered in GitLab affecting all versions starting from 15.5 before 15.7.8, all     versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. Non-project     members could retrieve release descriptions via the API, even if the release visibility is restricted to     project members only in the project settings. This is a medium severity issue     (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N, 5.3). It is now mitigated in the latest release and is     assigned CVE-2023-0223. (CVE-2023-0223)

  - An issue has been discovered in GitLab affecting all versions starting from 12.1 before 15.7.8, all     versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible     for a project maintainer to extract a Datadog integration API key by modifying the site. This is a medium     severity issue (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N, 5.5). It is now mitigated in the latest     release and is assigned CVE-2023-0483. (CVE-2023-0483)

  - An issue has been discovered in GitLab affecting all versions starting from 9.0 before 15.7.8, all     versions starting from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. It was possible     to trigger a resource depletion attack due to improper filtering for number of requests to read commits     details. This is a medium severity issue (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L, 4.3). It is now     mitigated in the latest release and is assigned CVE-2023-1072. (CVE-2023-1072)

  - An issue has been discovered in GitLab CE/EE affecting all versions before 15.7.8, all versions starting     from 15.8 before 15.8.4, all versions starting from 15.9 before 15.9.2. A malicious project Maintainer may     create a Project Access Token with Owner level privileges using a crafted request. This is a low severity     issue (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N, 2.7). It is now mitigated in the latest release and     is assigned CVE-2023-1084. (CVE-2023-1084)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

The version of GitLab installed on the remote host is affected by a vulnerability, as follows:

  - A issue has been discovered in GitLab CE/EE affecting all versions from 15.3 prior to 15.7.8, version 15.8     prior to 15.8.4, and version 15.9 prior to 15.9.2 A cross-site scripting vulnerability was found in the     title field of work items that allowed attackers to perform arbitrary actions on behalf of victims at     client side. (CVE-2022-4007)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

ID	Name	Product	Family	Severity
258339	Linux Distros Unpatched Vulnerability : CVE-2022-4007	Nessus	Misc.	medium
187524	GitLab < 15.7.8 (SECURITY-RELEASE-GITLAB-15-9-2-RELEASED)	Nessus	CGI abuses	high
172086	FreeBSD : Gitlab -- Multiple Vulnerabilities (f7c5b3a9-b9fb-11ed-99c6-001b217b3468)	Nessus	FreeBSD Local Security Checks	high
172070	GitLab 15.3 < 15.7.8 / 15.8 < 15.8.4 / 15.9 < 15.9.2 (CVE-2022-4007)	Nessus	CGI abuses	medium

Detections

Analytics

CVE-2022-4007

medium

Tenable Plugins

medium

high

high

medium