FreeBSD : Gitlab -- vulnerabilities (1bdd4db6-2223-11ec-91be-001b217b3468)

high Nessus Plugin ID 153870

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Gitlab reports :

Stored XSS in merge request creation page

Denial-of-service attack in Markdown parser

Stored Cross-Site Scripting vulnerability in the GitLab Flavored Markdown

DNS Rebinding vulnerability in Gitea importer

Exposure of trigger tokens on project exports

Improper access control for users with expired password

Access tokens are not cleared after impersonation

Reflected Cross-Site Scripting in Jira Integration

DNS Rebinding vulnerability in Fogbugz importer

Access tokens persist after project deletion

User enumeration vulnerability

Potential DOS via API requests

Pending invitations of public groups and public projects are visible to any user

Bypass Disabled Repo by URL Project Creation

Low privileged users can see names of the private groups shared in projects

API discloses sensitive info to low privileged users

Epic listing do not honour group memberships

Insecure Direct Object Reference vulnerability may lead to protected branch names getting disclosed

Low privileged users can import users from projects that they they are not a maintainer on

Potential DOS via dependencies API

Create a project with unlimited repository size through malicious Project Import

Bypass disabled Bitbucket Server import source project creation

Requirement to enforce 2FA is not honored when using git commands

Content spoofing vulnerability

Improper session management in impersonation feature

Create OAuth application with arbitrary scopes through content spoofing

Lack of account lockout on change password functionality

Epic reference was not updated while moved between groups

Missing authentication allows disabling of two-factor authentication

Information disclosure in SendEntry

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?54becce3

http://www.nessus.org/u?1440361c

Plugin Details

Severity: High

ID: 153870

File Name: freebsd_pkg_1bdd4db6222311ec91be001b217b3468.nasl

Version: 1.4

Type: local

Published: 10/5/2021

Updated: 11/29/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.2

CVSS v2

Risk Factor: Medium

Base Score: 5.5

Temporal Score: 4.3

Vector: CVSS2#AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS Score Source: CVE-2021-39867

CVSS v3

Risk Factor: High

Base Score: 8.1

Temporal Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:gitlab-ce, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 9/30/2021

Vulnerability Publication Date: 9/30/2021

Reference Information

CVE: CVE-2021-22259, CVE-2021-39866, CVE-2021-39867, CVE-2021-39868, CVE-2021-39869, CVE-2021-39870, CVE-2021-39871, CVE-2021-39872, CVE-2021-39873, CVE-2021-39874, CVE-2021-39875, CVE-2021-39877, CVE-2021-39878, CVE-2021-39879, CVE-2021-39881, CVE-2021-39882, CVE-2021-39883, CVE-2021-39884, CVE-2021-39885, CVE-2021-39886, CVE-2021-39887