Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.FREEBSD_PKG_BED545C6BDB811EDBCA8A33124F1BEB1.NASL
HistoryMar 09, 2023 - 12:00 a.m.

FreeBSD : mantis -- multiple vulnerabilities (bed545c6-bdb8-11ed-bca8-a33124f1beb1)

2023-03-0900:00:00
This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
30
JSON

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the bed545c6-bdb8-11ed-bca8-a33124f1beb1 advisory.

  • moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2) complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k characters. Users who pass user-provided strings without sanity length checks to moment constructor are vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider limiting date lengths accepted from user input. (CVE-2022-31129)

  • Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the
    Summary field of private Issues (i.e. having Private view status, or belonging to a private Project) via a crafted bug_arr[] parameter in bug_actiongroup_ext.php. This issue is fixed in version 2.25.6. There are no workarounds. (CVE-2023-22476)

Note that Nessus has not tested for these issues but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# @NOAGENT@
#
# The descriptive text and package checks in this plugin were
# extracted from the FreeBSD VuXML database :
#
# Copyright 2003-2021 Jacques Vidrine and contributors
#
# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
# HTML, PDF, PostScript, RTF and so forth) with or without modification,
# are permitted provided that the following conditions are met:
# 1. Redistributions of source code (VuXML) must retain the above
#    copyright notice, this list of conditions and the following
#    disclaimer as the first lines of this file unmodified.
# 2. Redistributions in compiled form (transformed to other DTDs,
#    published online in any format, converted to PDF, PostScript,
#    RTF and other formats) must reproduce the above copyright
#    notice, this list of conditions and the following disclaimer
#    in the documentation and/or other materials provided with the
#    distribution.
#
# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
#

include('compat.inc');

if (description)
{
  script_id(172393);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/08/31");

  script_cve_id("CVE-2022-31129", "CVE-2023-22476");

  script_name(english:"FreeBSD : mantis -- multiple vulnerabilities (bed545c6-bdb8-11ed-bca8-a33124f1beb1)");

  script_set_attribute(attribute:"synopsis", value:
"The remote FreeBSD host is missing one or more security-related updates.");
  script_set_attribute(attribute:"description", value:
"The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple
vulnerabilities as referenced in the bed545c6-bdb8-11ed-bca8-a33124f1beb1 advisory.

  - moment is a JavaScript date library for parsing, validating, manipulating, and formatting dates. Affected
    versions of moment were found to use an inefficient parsing algorithm. Specifically using string-to-date
    parsing in moment (more specifically rfc2822 parsing, which is tried by default) has quadratic (N^2)
    complexity on specific inputs. Users may notice a noticeable slowdown is observed with inputs above 10k
    characters. Users who pass user-provided strings without sanity length checks to moment constructor are
    vulnerable to (Re)DoS attacks. The problem is patched in 2.29.4, the patch can be applied to all affected
    versions with minimal tweaking. Users are advised to upgrade. Users unable to upgrade should consider
    limiting date lengths accepted from user input. (CVE-2022-31129)

  - Mantis Bug Tracker (MantisBT) is an open source issue tracker. In versions prior to 2.25.6, due to
    insufficient access-level checks, any logged-in user allowed to perform Group Actions can access to the
    _Summary_ field of private Issues (i.e. having Private view status, or belonging to a private Project) via
    a crafted `bug_arr[]` parameter in *bug_actiongroup_ext.php*. This issue is fixed in version 2.25.6. There
    are no workarounds. (CVE-2023-22476)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://cve.mitre.org/cgi-bin/cvename.cgi?name=2022-31129");
  script_set_attribute(attribute:"see_also", value:"https://cve.mitre.org/cgi-bin/cvename.cgi?name=2023-22476");
  # https://vuxml.freebsd.org/freebsd/bed545c6-bdb8-11ed-bca8-a33124f1beb1.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?7dca5d0c");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:F/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-31129");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2023-22476");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/07/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2023/03/08");
  script_set_attribute(attribute:"plugin_publication_date", value:"2023/03/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mantis-php74");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mantis-php80");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mantis-php81");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:mantis-php82");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"FreeBSD Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");

  exit(0);
}


include("freebsd_package.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD");
if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING);


var flag = 0;

var packages = [
    'mantis-php74<2.25.6,1',
    'mantis-php80<2.25.6,1',
    'mantis-php81<2.25.6,1',
    'mantis-php82<2.25.6,1'
];

foreach var package( packages ) {
    if (pkg_test(save_report:TRUE, pkg: package)) flag++;
}

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_WARNING,
    extra      : pkg_report_get()
  );
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
freebsdfreebsdmantis-php74p-cpe:/a:freebsd:freebsd:mantis-php74
freebsdfreebsdmantis-php80p-cpe:/a:freebsd:freebsd:mantis-php80
freebsdfreebsdmantis-php81p-cpe:/a:freebsd:freebsd:mantis-php81
freebsdfreebsdmantis-php82p-cpe:/a:freebsd:freebsd:mantis-php82
freebsdfreebsdcpe:/o:freebsd:freebsd

Related

freebsd 1
openvas 14
prion 3
osv 9
github 2
cvelist 3
veracode 2
cve 3
ibm 35
ubuntucve 1
redhat 28
attackerkb 1
hackerone 1
redhatcve 1
nessus 26
debiancve 1
fedora 4
huntr 1
atlassian 3
debian 1
qualysblog 1
ubuntu 2
mageia 2
oracle 5
freebsd
freebsd
mantis -- multiple vulnerabilities
2023-01-06 00:00:00
openvas
openvas
MantisBT < 2.25.6 Multiple Vulnerabilities - Windows
2023-02-27 00:00:00
MantisBT < 2.25.6 Multiple Vulnerabilities - Linux
2023-02-27 00:00:00
Fedora: Security Advisory for subscription-manager-cockpit (FEDORA-2022-b9ef7c3c3c)
2022-09-05 00:00:00
prion
prion
Design/Logic Flaw
2023-02-23 19:15:00
Input validation
2022-07-06 18:15:00
Input validation
2023-01-04 22:15:00
osv
osv
CVE-2023-22476
2023-02-23 19:15:13
MantisBT may expose private issues' summaries to unauthorized users
2023-02-23 19:39:54
node-moment vulnerabilities
2022-08-10 11:13:31
github
github
MantisBT may expose private issues' summaries to unauthorized users
2023-02-23 19:39:54
Moment.js vulnerable to Inefficient Regular Expression Complexity
2022-07-06 18:38:49
cvelist
cvelist
MantisBT: Exposure of Private issues' summary to unauthorized users
2023-02-23 19:00:02
Inefficient Regular Expression Complexity in moment
2022-07-06 00:00:00
luxon.js inefficient regular expression complexity vulnerability
2023-01-04 21:52:14
veracode
veracode
Information Disclosure
2023-03-01 11:27:13
Regular Expression Denial Of Service (ReDoS)
2022-07-07 05:14:54
cve
cve
CVE-2023-22476
2023-02-23 19:15:13
CVE-2022-31129
2022-07-06 18:15:00
CVE-2023-22467
2023-01-04 22:15:09
ibm
ibm
Security Bulletin: A security vulnerability in Node.js moment affects IBM Cloud Pak for Watson AIOps Infrastructure Automation
2022-10-22 20:33:44
Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Moment denial of service (CVE-2022-31129)
2023-02-07 21:32:04
Security Bulletin: IBM Planning Analytics Workspace is affected by a vulnerability [CVE-2022-31129]
2022-11-16 20:43:57
ubuntucve
ubuntucve
CVE-2022-31129
2022-07-06 00:00:00
redhat
redhat
(RHSA-2022:5915) Moderate: Red Hat Kiali for OpenShift Service Mesh 2.2 security update
2022-08-08 08:18:33
(RHSA-2022:6392) Important: RHV RHEL Host (ovirt-host) [ovirt-4.5.2] security update
2022-09-08 11:19:30
(RHSA-2022:5914) Moderate: Red Hat Kiali for OpenShift Service Mesh 2.1 security update
2022-08-08 08:12:25
attackerkb
attackerkb
CVE-2022-31129
2022-07-06 00:00:00
hackerone
hackerone
Nextcloud: [nextcloud/server] Moment.js vulnerable to Inefficient Regular Expression Complexity
2022-09-26 11:16:15
redhatcve
redhatcve
CVE-2022-31129
2022-07-07 20:44:44
nessus
nessus
Tenable SecurityCenter 5.19.x / 5.20.x / 5.21.0 Moment.js Denial of Service (TNS-2022-18) (deprecated)
2022-09-08 00:00:00
RHEL 8 : RHV Host (ovirt-host) (RHSA-2022:6392)
2022-09-08 00:00:00
Tenable SecurityCenter < 5.22.0 Multiple Vulnerabilities (TNS-2022-15)
2022-07-29 00:00:00
debiancve
debiancve
CVE-2022-31129
2022-07-06 18:15:00
fedora
fedora
[SECURITY] Fedora 37 Update: subscription-manager-cockpit-4-1.fc37
2022-09-12 17:50:33
[SECURITY] Fedora 36 Update: subscription-manager-cockpit-4-1.fc36
2022-09-04 22:47:45
[SECURITY] Fedora 36 Update: python-notebook-6.4.11-3.fc36
2022-07-23 02:01:31
huntr
huntr
Regular Expression Denial of Service (ReDoS)
2022-06-06 11:09:00
atlassian
atlassian
Upgrade moment library to 2.29.2+ as required for CVE-2022-24785 and CVE-2022-31129
2023-10-11 15:26:01
Upgrade moment library to 2.29.2+ as required for CVE-2022-24785 and CVE-2022-31129
2023-10-11 15:26:01
Upgrade moment library to 2.29.2+ for LTS version as required for CVE-2022-24785 and CVE-2022-31129
2023-03-27 07:30:38
debian
debian
[SECURITY] [DLA 3295-1] node-moment security update
2023-01-30 21:30:15
qualysblog
qualysblog
Detection of Vulnerabilities in JavaScript Libraries
2023-01-16 11:46:18
ubuntu
ubuntu
Moment.js vulnerabilities
2022-08-10 00:00:00
PostfixAdmin vulnerabilities
2023-12-12 00:00:00
mageia
mageia
Updated jupyter-notebook packages fix security vulnerabilities
2024-03-16 04:42:48
Updated jupyter-notebook packages fix security vulnerability
2022-09-10 23:26:43
oracle
oracle
Oracle Critical Patch Update Advisory - October 2023
2023-10-17 00:00:00
Oracle Critical Patch Update Advisory - January 2023
2023-01-17 00:00:00
Oracle Critical Patch Update Advisory - October 2022
2022-10-18 00:00:00
JSON
Related for FREEBSD_PKG_BED545C6BDB811EDBCA8A33124F1BEB1.NASL
freebsd1openvas14prion3osv9github2cvelist3veracode2cve3ibm35ubuntucve1redhat28attackerkb1hackerone1redhatcve1nessus26debiancve1fedora4huntr1atlassian3debian1qualysblog1ubuntu2mageia2oracle5