| Reporter | Title | Published | Views | Family All 15 |
|---|---|---|---|---|
| Gitlab -- Vulnerabilities | 31 Aug 2023 00:00 | ā | freebsd | |
| CVE-2022-4343 | 1 Sep 2023 14:14 | ā | circl | |
| GitLab Security Breach | 1 Sep 2023 00:00 | ā | cnnvd | |
| CVE-2022-4343 | 1 Sep 2023 10:01 | ā | cve | |
| CVE-2022-4343 Exposure of Sensitive Information to an Unauthorized Actor in GitLab | 1 Sep 2023 10:01 | ā | cvelist | |
| CVE-2022-4343 | 1 Sep 2023 10:01 | ā | debiancve | |
| EUVD-2022-51696 | 3 Oct 2025 20:07 | ā | euvd | |
| FreeBSD : Gitlab -- Vulnerabilities (aaea7b7c-4887-11ee-b164-001b217b3468) | 1 Sep 2023 00:00 | ā | nessus | |
| Vulnerabilities fixed in GitLab Enterprise Edition and Community Edition | 1 Sep 2023 00:00 | ā | ncsc | |
| CVE-2022-4343 | 1 Sep 2023 11:15 | ā | nvd | |
| Source | Link |
|---|---|
| nessus | www.nessus.org/u |
| gitlab | www.gitlab.com/gitlab-org/gitlab/-/issues/385124 |
| hackerone | www.hackerone.com/reports/1767797 |
| cve | www.cve.mitre.org/cgi-bin/cvename.cgi |
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##
include('compat.inc');
# Plugin registration. When Nessus loads the script with `description` set, only
# this metadata block runs and the script exits before the version check below.
if (description)
{
script_id(180425);
script_version("1.8");
script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/17");
# The single CVE this plugin covers; it is also the declared source of the
# CVSS vectors below (see cvss_score_source).
script_cve_id("CVE-2022-4343");
script_xref(name:"IAVA", value:"2023-A-0452-S");
# Affected ranges in the title mirror the `constraints` table used by the
# version check further down (13.12 < 16.1.5, 16.2 < 16.2.5, 16.3 < 16.3.1).
script_name(english:"GitLab 13.12 < 16.1.5 / 16.2 < 16.2.5 / 16.3 < 16.3.1 (CVE-2022-4343)");
script_set_attribute(attribute:"synopsis", value:
"The version of GitLab installed on the remote host is affected by a vulnerability.");
# Issue is an information disclosure: an authenticated project member can read
# credentials stored in a site profile. The finding is version-based only
# (no active test), as the description itself states.
script_set_attribute(attribute:"description", value:
"The version of GitLab installed on the remote host is affected by a vulnerability, as follows:
- An issue has been discovered in GitLab EE affecting all versions starting from 13.12 before 16.1.5, all
versions starting from 16.2 before 16.2.5, all versions starting from 16.3 before 16.3.1 in which a
project member can leak credentials stored in site profile. (CVE-2022-4343)
Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
# https://gitlab.com/gitlab-org/cves/-/blob/master/2022/CVE-2022-4343.json
script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?03ac9c48");
script_set_attribute(attribute:"see_also", value:"https://gitlab.com/gitlab-org/gitlab/-/issues/385124");
script_set_attribute(attribute:"see_also", value:"https://hackerone.com/reports/1767797");
script_set_attribute(attribute:"solution", value:
"Upgrade to GitLab version 16.1.5, 16.2.5, 16.3.1 or later.");
script_set_attribute(attribute:"agent", value:"unix");
# Scoring as encoded in the vectors: network-reachable, low complexity, needs a
# single authenticated account (Au:S / PR:L), impact limited to confidentiality
# (C:P / C:L). Temporal: unproven exploit, official fix available.
script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:P/I:N/A:N");
script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N");
script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-4343");
# Exploit status as recorded at the plugin_modification_date above.
script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
script_set_attribute(attribute:"exploit_available", value:"false");
script_set_attribute(attribute:"vuln_publication_date", value:"2023/08/31");
script_set_attribute(attribute:"patch_publication_date", value:"2023/08/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2023/08/31");
# "combined": works from either the remote web UI detection or the local
# package detection listed in script_dependencies.
script_set_attribute(attribute:"plugin_type", value:"combined");
script_set_attribute(attribute:"cpe", value:"cpe:/a:gitlab:gitlab");
script_set_attribute(attribute:"generated_plugin", value:"current");
script_set_attribute(attribute:"stig_severity", value:"I");
script_set_attribute(attribute:"thorough_tests", value:"true");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"CGI abuses");
script_copyright(english:"This script is Copyright (C) 2023-2024 and is owned by Tenable, Inc. or an Affiliate thereof.");
# Detection plugins that run first; presumably they populate the
# installed_sw/GitLab key this plugin requires — confirm against those plugins.
script_dependencies("gitlab_webui_detect.nbin", "gitlab_nix_installed.nbin");
script_require_keys("installed_sw/GitLab");
# Description-only load ends here; the version check below never runs in this mode.
exit(0);
}
include('vcf.inc');

# Version check. Pull the detected GitLab install (web UI or local package
# detection, whichever populated installed_sw/GitLab) and compare it against
# the fixed versions for CVE-2022-4343.
var app = 'GitLab';
var app_info = vcf::combined_get_app_info(app:app);

# A bare two-component version string (16.1, 16.2 or 16.3) carries no patch
# level, so the fixed-version comparison below cannot decide whether the host
# is patched. Unless the scan is paranoid, report it as a potential
# vulnerability and stop rather than guess. The condition is kept as one
# short-circuiting expression so parsed_version is only inspected when the
# paranoia level actually matters.
if (report_paranoia < 2 && max_index(app_info.parsed_version[0]) < 3 && app_info.version =~ "^16\.(1|2|3)$")
{
  if (empty_or_null(app_info.port))
    audit(AUDIT_POTENTIAL_VULN, app, app_info.version);
  else
    audit(AUDIT_POTENTIAL_VULN, app, app_info.version, app_info.port);
}

# Affected branches and the release that closes each one, matching the ranges
# given in the plugin description.
var constraints = [
  { 'min_version' : '13.12', 'fixed_version' : '16.1.5' },
  { 'min_version' : '16.2',  'fixed_version' : '16.2.5' },
  { 'min_version' : '16.3',  'fixed_version' : '16.3.1' }
];

# Information disclosure limited to confidentiality, hence a warning rather
# than a hole.
vcf::check_version_and_report(app_info:app_info, constraints:constraints, severity:SECURITY_WARNING);