Detections
Analytics

FreeBSD : mantis -- multiple vulnerabilities (bed545c6-bdb8-11ed-bca8-a33124f1beb1)

medium Nessus Plugin ID 172393

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the bed545c6-bdb8-11ed-bca8-a33124f1beb1 advisory.

 - moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input. (CVE-2022-31129)

 - Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the
 _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. This issue is fixed in version 2.25.6. There are no workarounds. (CVE-2023-22476)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-31129

https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-22476

http://www.nessus.org/u?7dca5d0c

Plugin Details

Severity: Medium

ID: 172393

File Name: freebsd_pkg_bed545c6bdb811edbca8a33124f1beb1.nasl

Version: 1.1

Type: local

Published: 3/9/2023

Updated: 8/31/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 4.4

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 4.1

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2022-31129

CVSS v3

Risk Factor: Medium

Base Score: 4.3

Temporal Score: 4

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

CVSS Score Source: CVE-2023-22476

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:mantis-php74, p-cpe:/a:freebsd:freebsd:mantis-php80, p-cpe:/a:freebsd:freebsd:mantis-php81, p-cpe:/a:freebsd:freebsd:mantis-php82, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/8/2023

Vulnerability Publication Date: 7/6/2022

Reference Information

CVE: CVE-2022-31129, CVE-2023-22476