FreeBSD : Gitlab -- multiple vulnerabilities (1fb13175-ed52-11ea-8b93-001b217b3468)

high Nessus Plugin ID 140234

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

GitLab reports:

Vendor Cross-Account Assume-Role Attack

Stored XSS on the Vulnerability Page

Outdated Job Token Can Be Reused to Access Unauthorized Resources

File Disclosure Via Workhorse File Upload Bypass

Unauthorized Maintainer Can Edit Group Badge

Denial of Service Within Wiki Functionality

Sign-in Vulnerable to Brute-force Attacks

Invalidated Session Allows Account Access With an Old Password

GitLab Omniauth Endpoint Renders User Controlled Messages

Blind SSRF Through Repository Mirroring

Information Disclosure Through Incorrect Group Permission Verifications

No Rate Limit on GitLab Webhook Feature

GitLab Session Revocation Feature Does Not Invalidate All Sessions

OAuth Authorization Scope for an External Application Can Be Changed Without User Consent

Unauthorized Maintainer Can Delete Repository

Improper Verification of Deploy-Key Leads to Access Restricted Repository

Disabled Repository Still Accessible With a Deploy-Token

Duplicated Secret Code Generated by 2 Factor Authentication Mechanism

Lack of Validation Within Project Invitation Flow

Current Sessions Not Invalidated Upon Enabling 2 Factor Authentication

Users Without 2 Factor Authentication Can Be Blocked Accessing GitLab

Lack of Upper Bound Check Leading to Possible Denial of Service

2 Factor Authentication for Groups Was Not Enforced Within API Endpoint

GitLab Runner Denial of Service via CI Jobs

Update jQuery Dependency

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?93c2386d

http://www.nessus.org/u?2764b73c

Plugin Details

Severity: High

ID: 140234

File Name: freebsd_pkg_1fb13175ed5211ea8b93001b217b3468.nasl

Version: 1.5

Type: local

Published: 9/4/2020

Updated: 4/16/2021

Dependencies: ssh_get_info.nasl

Risk Information

CVSS Score Source: CVE-2020-13309

VPR

Risk Factor: Medium

Score: 6.3

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 5.1

Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P

Temporal Vector: E:POC/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.9

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:gitlab-ce, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/2/2020

Vulnerability Publication Date: 9/2/2020

Reference Information

CVE: CVE-2020-11022, CVE-2020-13284, CVE-2020-13287, CVE-2020-13289, CVE-2020-13297, CVE-2020-13298, CVE-2020-13299, CVE-2020-13300, CVE-2020-13301, CVE-2020-13302, CVE-2020-13303, CVE-2020-13304, CVE-2020-13305, CVE-2020-13306, CVE-2020-13307, CVE-2020-13308, CVE-2020-13309, CVE-2020-13310, CVE-2020-13311, CVE-2020-13313, CVE-2020-13314, CVE-2020-13315, CVE-2020-13316, CVE-2020-13317, CVE-2020-13318