Detections
Analytics
FreeBSD : Gitlab -- Multiple Vulnerabilities (0a305431-bc98-11ea-a051-001b217b3468)
high Nessus Plugin ID 138123
Language:
Synopsis
The remote FreeBSD host is missing one or more security-related updates.Description
Gitlab reports :Missing Permission Check on Time Tracking
Cross-Site Scripting in PyPi Files API
Insecure Authorization Check on Private Project Security Dashboard
Cross-Site Scripting in References
Cross-Site Scripting in Group Names
Cross-Site Scripting in Blob Viewer
Cross-Site Scripting in Error Tracking
Insecure Authorisation Check on Creation and Deletion of Deploy Tokens
User Name Format Restiction Bypass
Denial of Service in Issue Comments
Cross-Site Scripting in Wiki Pages
Private Merge Request Updates Leaked via Todos
Private User Activity Leaked via API
Cross-Site Scripting in Bitbucket Import Feature
Github Project Restriction Bypass
Update PCRE Dependency
Update Kaminari Gem
Cross-Site Scripting in User Profile
Update Xterm.js
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 138123
File Name: freebsd_pkg_0a305431bc9811eaa051001b217b3468.nasl
Version: 1.5
Type: local
Family: FreeBSD Local Security Checks
Published: 7/6/2020
Updated: 10/28/2022
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 5.9
CVSS v2
Risk Factor: Medium
Base Score: 6.8
Temporal Score: 5
Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2019-0542
CVSS v3
Risk Factor: High
Base Score: 8.8
Temporal Score: 7.7
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:gitlab-ce, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Ease: No known exploits are available
Patch Publication Date: 7/2/2020
Vulnerability Publication Date: 7/1/2020