Detections
Analytics
FreeBSD : Gitlab -- Multiple Vulnerabilities (a003b74f-d7b3-11ea-9df1-001b217b3468)
critical Nessus Plugin ID 139394
Language:
Synopsis
The remote FreeBSD host is missing a security-related update.Description
Gitlab reports :Arbitrary File Read when Moving an Issue
Memory Exhaustion via Excessive Logging of Invite Email Error
Denial of Service Through Project Import Feature
User Controlled Git Configuration Settings Resulting in SSRF
Stored XSS in Issue Reference Number Tooltip
Stored XSS in Issues List via Milestone Title
Improper Access Control After Group Transfer
Bypass Email Verification Required for OAuth Flow
Confusion When Using Hexadecimal Branch Names
Insufficient OAuth Revocation
Improper Access Control for Project Sharing
Stored XSS in Jobs Page
Improper Access Control of Applications Page
SSRF into Shared Runner
Update Kramdown Gem
Solution
Update the affected package.See Also
https://about.gitlab.com/releases/2020/08/05/gitlab-13-2-3-released/
Plugin Details
Severity: Critical
ID: 139394
File Name: freebsd_pkg_a003b74fd7b311ea9df1001b217b3468.nasl
Version: 1.6
Type: local
Family: FreeBSD Local Security Checks
Published: 8/7/2020
Updated: 2/26/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 6.7
CVSS v2
Risk Factor: High
Base Score: 7.5
Temporal Score: 6.2
Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS Score Source: CVE-2020-14001
CVSS v3
Risk Factor: Critical
Base Score: 9.8
Temporal Score: 9.1
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:gitlab-ce
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 8/6/2020
Vulnerability Publication Date: 8/5/2020
Exploitable With
Metasploit (GitLab File Read Remote Code Execution)
Reference Information
CVE: CVE-2020-10977, CVE-2020-13280, CVE-2020-13281, CVE-2020-14001