FreeBSD : Gitlab -- Multiple vulnerabilities (11292460-3f2f-11e9-adcb-001b217b3468)

Critical | Nessus Plugin ID 122630

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Gitlab reports:

Arbitrary file read via MergeRequestDiff

CSRF add Kubernetes cluster integration

Blind SSRF in prometheus integration

Merge request information disclosure

IDOR milestone name information disclosure

Burndown chart information disclosure

Private merge request titles in public project information disclosure

Private namespace disclosure in email notification when issue is moved

Milestone name disclosure

Issue board name disclosure

NPM automatic package referencer

Path traversal snippet mover

Information disclosure repo existence

Issue DoS via Mermaid

Privilege escalation impersonate user

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?14fc16a1

http://www.nessus.org/u?e5cd5c1c

Plugin Details

Severity: Critical

ID: 122630

File Name: freebsd_pkg_112924603f2f11e9adcb001b217b3468.nasl

Version: 1.6

Type: local

Published: 3/6/2019

Updated: 6/17/2024

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 6.5

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-9485

CVSS v3

Risk Factor: Critical

Base Score: 10

Temporal Score: 9

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

CVSS Score Source: CVE-2019-9174

Vulnerability Information

CPE: cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:gitlab-ce

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/5/2019

Vulnerability Publication Date: 3/4/2019

Reference Information

CVE: CVE-2019-9170, CVE-2019-9171, CVE-2019-9172, CVE-2019-9174, CVE-2019-9175, CVE-2019-9176, CVE-2019-9178, CVE-2019-9179, CVE-2019-9217, CVE-2019-9219, CVE-2019-9220, CVE-2019-9221, CVE-2019-9222, CVE-2019-9223, CVE-2019-9224, CVE-2019-9225, CVE-2019-9485