code |
include("compat.inc");
if (description)
{
script_id(128403);
script_version("1.5");
script_cvs_date("Date: 2019/12/31");
script_cve_id("CVE-2019-15721", "CVE-2019-15722", "CVE-2019-15723", "CVE-2019-15724", "CVE-2019-15725", "CVE-2019-15726", "CVE-2019-15727", "CVE-2019-15728", "CVE-2019-15729", "CVE-2019-15730", "CVE-2019-15731", "CVE-2019-15732", "CVE-2019-15733", "CVE-2019-15734", "CVE-2019-15736", "CVE-2019-15737", "CVE-2019-15738", "CVE-2019-15739", "CVE-2019-15740", "CVE-2019-15741");
script_name(english:"FreeBSD : Gitlab -- Multiple Vulnerabilities (b68cc195-cae7-11e9-86e9-001b217b3468)");
script_summary(english:"Checks for updated packages in pkg_info output");
script_set_attribute(
attribute:"synopsis",
value:
"The remote FreeBSD host is missing one or more security-related
updates."
);
script_set_attribute(
attribute:"description",
value:
"Gitlab reports :
Kubernetes Integration Server-Side Request Forgery
Server-Side Request Forgery in Jira Integration
Improved Protection Against Credential Stuffing Attacks
Markdown Clientside Resource Exhaustion
Pipeline Status Disclosure
Group Runner Authorization Issue
CI Metrics Disclosure
User IP Disclosed by Embedded Image and Media
Label Description HTML Injection
IDOR in Epic Notes API
Push Rule Bypass
Project Visibility Restriction Bypass
Merge Request Discussion Restriction Bypass
Disclosure of Merge Request IDs
Weak Authentication In Certain Account Actions
Disclosure of Commit Title and Comments
Stored XSS via Markdown
EXIF Geolocation Data Exposure
Multiple SSRF Regressions on Gitaly
Default Branch Name Exposure
Potential Denial of Service via CI Pipelines
Privilege Escalation via Logrotate"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?7628c99d"
);
script_set_attribute(
attribute:"see_also",
value:"http://www.nessus.org/u?204b0b35"
);
script_set_attribute(attribute:"solution", value:"Update the affected packages.");
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:gitlab-ce");
script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
script_set_attribute(attribute:"vuln_publication_date", value:"2019/08/29");
script_set_attribute(attribute:"patch_publication_date", value:"2019/08/30");
script_set_attribute(attribute:"plugin_publication_date", value:"2019/08/30");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"FreeBSD Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
exit(0);
}
include("audit.inc");
include("freebsd_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (pkg_test(save_report:TRUE, pkg:"gitlab-ce>=12.2.0<12.2.3")) flag++;
if (pkg_test(save_report:TRUE, pkg:"gitlab-ce>=12.1.0<12.1.8")) flag++;
if (pkg_test(save_report:TRUE, pkg:"gitlab-ce>=0.0.0<12.0.8")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
|