FreeBSD : Gitlab -- Multiple vulnerabilities (56abf87b-96ad-11eb-a218-001b217b3468)

high Nessus Plugin ID 148526

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Gitlab reports :

Arbitrary File Read During Project Import

Kroki Arbitrary File Read/Write

Stored Cross-Site-Scripting in merge requests

Access data of an internal project through a public project fork as an anonymous user

Incident metric images can be deleted by any user

Infinite Loop When a User Access a Merge Request

Stored XSS in scoped labels

Admin CSRF in System Hooks Execution Through API

Update OpenSSL dependency

Update PostgreSQL dependency

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?0e82c998

http://www.nessus.org/u?4f6089ca

Plugin Details

Severity: High

ID: 148526

File Name: freebsd_pkg_56abf87b96ad11eba218001b217b3468.nasl

Version: 1.1

Type: local

Published: 4/14/2021

Updated: 4/14/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:gitlab-ce, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 4/6/2021

Vulnerability Publication Date: 3/31/2021