Detections
Analytics

FreeBSD : Gitlab -- Vulnerabilities (aaea7b7c-4887-11ee-b164-001b217b3468)

high Nessus Plugin ID 180454

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the aaea7b7c-4887-11ee-b164-001b217b3468 advisory.

 - An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a project member can leak credentials stored in site profile. (CVE-2022-4343)

 - An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.0 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to edit labels description by an unauthorised user. (CVE-2023-0120)

 - An issue has been discovered in GitLab CE/EE affecting all versions starting from 4.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 where it was possible to create a URL that would redirect to a different project. (CVE-2023-1279)

 - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.2 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. A namespace- level banned user can access the API. (CVE-2023-1555)

 - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.11 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. An authenticated user could trigger a denial of service when importing or cloning malicious content. (CVE-2023-3205)

 - An issue has been discovered in GitLab EE affecting all versions starting from 16.1 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. If an external user is given an owner role on any group, that external user may escalate their privileges on the instance by creating a service account in that group. This service account is not classified as external and may be used to access internal projects. (CVE-2023-3915)

 - Gitlab reports: Privilege escalation of external user to internal access through group service account Maintainer can leak sentry token by changing the configured URL (fix bypass) Google Cloud Logging private key showed in plain text in GitLab UI leaking to other group owners Information disclosure via project import endpoint Developer can leak DAST scanners Site Profile request headers and auth password Project forking outside current group User is capable of creating Model experiment and updating existing run's status in public project ReDoS in bulk import API Pagination for Branches and Tags can be skipped leading to DoS Internal Open Redirection Due to Improper handling of ../ characters Subgroup Member With Reporter Role Can Edit Group Labels Banned user can delete package registries (CVE-2023-3950, CVE-2023-4378)

 - An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to create model experiments in public projects. (CVE-2023-4018)

 - An issue has been discovered in GitLab CE/EE affecting all versions starting from 10.6 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which any user can read limited information about any project's imports. (CVE-2023-4630)

 - An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.3 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1. Due to improper permission validation it was possible to fork a project outside of current group by an unauthorised user.
 (CVE-2023-4638)

 - An issue has been discovered in GitLab CE/EE affecting all versions starting from 15.3 before 16.1.5, all versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which the projects API pagination can be skipped, potentially leading to DoS on certain instances. (CVE-2023-4647)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected packages.

See Also

http://www.nessus.org/u?9f755f06

http://www.nessus.org/u?d5d2af4d

Plugin Details

Severity: High

ID: 180454

File Name: freebsd_pkg_aaea7b7c488711eeb164001b217b3468.nasl

Version: 1.3

Type: local

Published: 9/1/2023

Updated: 9/21/2023

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 8.3

Temporal Score: 6.1

Vector: CVSS2#AV:N/AC:L/Au:M/C:C/I:C/A:C

CVSS Score Source: CVE-2023-3915

CVSS v3

Risk Factor: High

Base Score: 7.2

Temporal Score: 6.3

Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:U/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:freebsd:freebsd, p-cpe:/a:freebsd:freebsd:gitlab-ce

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Ease: No known exploits are available

Patch Publication Date: 9/1/2023

Vulnerability Publication Date: 8/31/2023

Reference Information

CVE: CVE-2022-4343, CVE-2023-0120, CVE-2023-1279, CVE-2023-1555, CVE-2023-3205, CVE-2023-3915, CVE-2023-3950, CVE-2023-4018, CVE-2023-4378, CVE-2023-4630, CVE-2023-4638, CVE-2023-4647

IAVA: 2023-A-0452-S