Lucene search

K
nessusThis script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.GITLAB_CVE-2024-2874.NASL
HistoryMay 23, 2024 - 12:00 a.m.

GitLab 0 < 16.10.6 / 16.11 < 16.11.3 / 17.0 < 17.0.1 (CVE-2024-2874)

2024-05-2300:00:00
This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
3
gitlab
vulnerability
remote host
cve-2024-2874
disruption
web resources
nessus
version number

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

The version of GitLab installed on the remote host is affected by a vulnerability, as follows:

  • An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before 16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to disrupt the loading of targeted GitLab web resources. (CVE-2024-2874)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
##

include('compat.inc');

if (description)
{
  script_id(197737);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2024/05/31");

  script_cve_id("CVE-2024-2874");
  script_xref(name:"IAVA", value:"2024-A-0308");

  script_name(english:"GitLab 0 < 16.10.6 / 16.11 < 16.11.3 / 17.0 < 17.0.1 (CVE-2024-2874)");

  script_set_attribute(attribute:"synopsis", value:
"The version of GitLab installed on the remote host is affected by a vulnerability.");
  script_set_attribute(attribute:"description", value:
"The version of GitLab installed on the remote host is affected by a vulnerability, as follows:

  - An issue has been discovered in GitLab CE/EE affecting all versions before 16.10.6, version 16.11 before
    16.11.3, and 17.0 before 17.0.1. A runner registered with a crafted description has the potential to
    disrupt the loading of targeted GitLab web resources. (CVE-2024-2874)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version
number.");
  # https://gitlab.com/gitlab-org/cves/-/blob/master/2024/CVE-2024-2874.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?4f6d7e61");
  script_set_attribute(attribute:"see_also", value:"https://gitlab.com/gitlab-org/gitlab/-/issues/451911");
  script_set_attribute(attribute:"see_also", value:"https://hackerone.com/reports/2426166");
  script_set_attribute(attribute:"solution", value:
"Upgrade to GitLab version 16.10.6, 16.11.3, 17.0.1 or later.");
  script_set_attribute(attribute:"agent", value:"unix");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:U/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2024-2874");

  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"vuln_publication_date", value:"2024/05/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2024/05/23");
  script_set_attribute(attribute:"plugin_publication_date", value:"2024/05/23");

  script_set_attribute(attribute:"plugin_type", value:"combined");
  script_set_attribute(attribute:"cpe", value:"cpe:/a:gitlab:gitlab");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_set_attribute(attribute:"thorough_tests", value:"true");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"CGI abuses");

  script_copyright(english:"This script is Copyright (C) 2024 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("gitlab_webui_detect.nbin", "gitlab_nix_installed.nbin");
  script_require_keys("installed_sw/GitLab");

  exit(0);
}

include('vcf.inc');

var app = 'GitLab';
var app_info = vcf::combined_get_app_info(app:app);

if (report_paranoia < 2 && max_index(app_info.parsed_version[0]) < 3 && (app_info.version =~ "^16\.(10|11)$" || app_info.version =~ "^17\.(0)$"))
  if (!empty_or_null(app_info.port))
    audit(AUDIT_POTENTIAL_VULN, app, app_info.version, app_info.port);
  else
    audit(AUDIT_POTENTIAL_VULN, app, app_info.version);

var constraints = [
  { 'min_version' : '0', 'fixed_version' : '16.10.6' },
  { 'min_version' : '16.11', 'fixed_version' : '16.11.3' },
  { 'min_version' : '17.0', 'fixed_version' : '17.0.1' }
];

vcf::check_version_and_report(
    app_info:app_info,
    constraints:constraints,
    severity:SECURITY_WARNING
);
VendorProductVersionCPE
gitlabgitlabcpe:/a:gitlab:gitlab

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

6.2 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

Related for GITLAB_CVE-2024-2874.NASL