Detections
Analytics

FreeBSD : Gitlab -- Gitlab (1d651770-f4f5-11eb-ba49-001b217b3468)

high Nessus Plugin ID 152227

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Gitlab reports :

Stored XSS in Mermaid when viewing Markdown files

Stored XSS in default branch name

Perform Git actions with an impersonation token even if impersonation is disabled

Tag and branch name confusion allows Developer to access protected CI variables

New subscriptions generate OAuth tokens on an incorrect OAuth client application

Ability to list and delete impersonation tokens for your own user

Pipelines page is partially visible for users that have no right to see CI/CD

Improper email validation on an invite URL

Unauthorised user was able to add meta data upon issue creation

Unauthorized user can trigger deployment to a protected environment

Guest in private project can see CI/CD Analytics

Guest users can create issues for Sentry errors and track their status

Private user email disclosure via group invitation

Projects are allowed to add members with email address domain that should be blocked by group settings

Misleading username could lead to impersonation in using SSH Certificates

Unauthorized user is able to access and view project vulnerability reports

Denial of service in repository caused by malformed commit author

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?f3766283

http://www.nessus.org/u?78f85288

Plugin Details

Severity: High

ID: 152227

File Name: freebsd_pkg_1d651770f4f511ebba49001b217b3468.nasl

Version: 1.3

Type: local

Published: 8/5/2021

Updated: 9/7/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.5

Temporal Score: 4.8

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSS Score Source: CVE-2021-22236

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:gitlab-ce, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 8/4/2021

Vulnerability Publication Date: 8/3/2021

Reference Information

CVE: CVE-2021-22236, CVE-2021-22237, CVE-2021-22239