Detections
Analytics

FreeBSD : Gitlab -- Multiple Vulnerabilities (1aa7a094-1147-11ea-b537-001b217b3468)

critical Nessus Plugin ID 131466

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Gitlab reports :

Path traversal with potential remote code execution

Private objects exposed through project import

Disclosure of notes via Elasticsearch integration

Disclosure of comments via Elasticsearch integration

DNS Rebind SSRF in various chat notifications

Disclosure of vulnerability status in dependency list

Disclosure of commit count in Cycle Analytics

Exposure of related branch names

Tags pushes from blocked users

Branches and Commits exposed to Guest members via integration

IDOR when adding users to protected environments

Former project members able to access repository information

Unauthorized access to grafana metrics

Todos created for former project members

Update Mattermost dependency

Disclosure of AWS secret keys on certain Admin pages

Stored XSS in Group and User profile fields

Forked project information disclosed via Project API

Denial of Service in the issue and commit comment pages

Tokens stored in plaintext

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?4cf08a8c

http://www.nessus.org/u?896288a7

Plugin Details

Severity: Critical

ID: 131466

File Name: freebsd_pkg_1aa7a094114711eab537001b217b3468.nasl

Version: 1.4

Type: local

Published: 12/3/2019

Updated: 1/8/2020

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-19088

CVSS v3

Risk Factor: Critical

Base Score: 9.8

Temporal Score: 8.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:gitlab-ce

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 11/27/2019

Vulnerability Publication Date: 11/27/2019

Reference Information

CVE: CVE-2019-19086, CVE-2019-19087, CVE-2019-19088, CVE-2019-19254, CVE-2019-19255, CVE-2019-19256, CVE-2019-19257, CVE-2019-19258, CVE-2019-19259, CVE-2019-19260, CVE-2019-19261, CVE-2019-19262, CVE-2019-19263, CVE-2019-19309, CVE-2019-19310, CVE-2019-19311, CVE-2019-19312, CVE-2019-19313, CVE-2019-19314