GitLab <= 10.7.6, 10.8.x - 10.8.5, 11.x - 11.0.3 Path Traversal Vulnerability

2022-03-2800:00:00

plugins.openvas.org

gitlab

path traversal

vulnerability

version 10.7.6

version 10.8.5

version 11.0.3

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.5

Confidence

High

EPSS

0.133

Percentile

95.6%

JSON

GitLab is prone to a path traversal vulnerability.

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:gitlab:gitlab";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.170069");
  script_version("2023-12-06T05:06:11+0000");
  script_tag(name:"last_modification", value:"2023-12-06 05:06:11 +0000 (Wed, 06 Dec 2023)");
  script_tag(name:"creation_date", value:"2022-03-28 13:44:07 +0000 (Mon, 28 Mar 2022)");
  script_tag(name:"cvss_base", value:"7.5");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2018-09-15 12:36:00 +0000 (Sat, 15 Sep 2018)");

  script_cve_id("CVE-2018-14364");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("GitLab <= 10.7.6, 10.8.x - 10.8.5, 11.x - 11.0.3 Path Traversal Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_gitlab_consolidation.nasl");
  script_mandatory_keys("gitlab/detected");

  script_tag(name:"summary", value:"GitLab is prone to a path traversal vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"Vulnerability in project import leads to arbitrary command
   execution.");

  script_tag(name:"affected", value:"GitLab version 10.7.6 and prior, 10.8.x through 10.8.5 and
  11.x through 11.0.3.");

  script_tag(name:"solution", value:"Update to version 10.7.7, 10.8.6, 11.0.4 or later.");

  script_xref(name:"URL", value:"https://gitlab.com/gitlab-org/gitlab-foss/-/issues/49133");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if ( isnull( port = get_app_port( cpe:CPE ) ) )
  exit( 0 );

if ( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )
  exit( 0 );

version = infos["version"];
location = infos["location"];

if ( version_is_less( version:version, test_version:"10.7.7" ) ) {
  report = report_fixed_ver( installed_version:version, fixed_version:"10.7.7", install_path:location );
  security_message( port:port, data:report );
  exit( 0 );
}
if ( version_in_range( version:version, test_version:"10.8.0", test_version2:"10.8.5" ) ) {
  report = report_fixed_ver( installed_version:version, fixed_version:"10.8.6", install_path:location );
  security_message( port:port, data:report );
  exit( 0 );
}

if ( version_in_range( version:version, test_version:"11.0.0", test_version2:"11.0.3" ) ) {
  report = report_fixed_ver( installed_version:version, fixed_version:"11.0.4", install_path:location );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );