FreeBSD : gitlab -- Various security issues (5d62950f-3bb5-11e7-93f7-d43d7e971a1b)

This script is Copyright (C) 2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

GitLab reports :

Information Disclosure in Issue and Merge Request Trackers

During an internal code review a critical vulnerability in the GitLab
Issue and Merge Request trackers was discovered. This vulnerability
could allow a user with access to assign ownership of an issue or
merge request to another user to disclose that user's private token,
email token, email address, and encrypted OTP secret. Reporter-level
access to a GitLab project is required to exploit this flaw.

SSRF when importing a project from a Repo by URL

GitLab instances that have enabled project imports using 'Repo by URL'
were vulnerable to Server-Side Request Forgery attacks. By specifying
a project import URL of localhost an attacker could target services
that are bound to the local interface of the server. These services
often do not require authentication. Depending on the service an
attacker might be able to craft an attack using the project import
request URL.

Links in Environments tab vulnerable to tabnabbing

edio via HackerOne reported that user-configured Environment links
include target=_blank but do not also include rel: noopener
noreferrer. Anyone clicking on these links may therefore be subjected
to tabnabbing attacks where a link back to the requesting page is
maintained and can be manipulated by the target server.

Accounts with email set to 'Do not show on profile' have addresses
exposed in public atom feed

Several GitLab users reported that even with 'Do not show on profile'
configured for their email addresses those addresses were still being
leaked in Atom feeds if they commented on a public project.

See also :

http://www.nessus.org/u?a2b29199
http://www.nessus.org/u?e865d668

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.0
(CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 100284

Bugtraq ID:

CVE ID: CVE-2017-0882
