GitLab 8.13.x - 8.13.7, 8.14.x - 8.14.2 DoS Vulnerability

# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only

CPE = "cpe:/a:gitlab:gitlab";

if (description)
{
  script_oid("1.3.6.1.4.1.25623.1.0.170085");
  script_version("2023-12-06T05:06:11+0000");
  script_tag(name:"last_modification", value:"2023-12-06 05:06:11 +0000 (Wed, 06 Dec 2023)");
  script_tag(name:"creation_date", value:"2022-03-28 14:21:05 +0000 (Mon, 28 Mar 2022)");
  script_tag(name:"cvss_base", value:"5.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");
  script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L");
  script_tag(name:"severity_origin", value:"NVD");
  script_tag(name:"severity_date", value:"2019-10-09 23:20:00 +0000 (Wed, 09 Oct 2019)");

  script_cve_id("CVE-2016-9469");

  script_tag(name:"qod_type", value:"remote_banner");

  script_tag(name:"solution_type", value:"VendorFix");

  script_name("GitLab 8.13.x - 8.13.7, 8.14.x - 8.14.2 DoS Vulnerability");

  script_category(ACT_GATHER_INFO);

  script_copyright("Copyright (C) 2022 Greenbone AG");
  script_family("Web application abuses");
  script_dependencies("gb_gitlab_consolidation.nasl");
  script_mandatory_keys("gitlab/detected");

  script_tag(name:"summary", value:"GitLab is prone to a denial of service (DoS) vulnerability.");

  script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");

  script_tag(name:"insight", value:"The state filter in the IssuableFinder class has the ability to
  filter issues and merge requests by state. This filter is implemented by calling public_send with
  unfiltered user input. This allows an attacker to call delete_all or destroy_all. Because the
  method is called before the project / group scope is applied, it deletes all issues and merge
  requests of the GitLab instance.");

  script_tag(name:"impact", value:"Unauthenticated users could exploit this vulnerability on GitLab
  instances with publicly available projects. Users with access to any project are able to delete all
  issues and merge requests from all GitLab projects.");

  script_tag(name:"affected", value:"GitLab version 8.13.x through 8.13.7 and 8.14.x through
  8.14.2.");

  script_tag(name:"solution", value:"Update to version 8.13.8, 8.14.3 or later.");

  script_xref(name:"URL", value:"https://about.gitlab.com/releases/2016/12/05/cve-2016-9469/");
  script_xref(name:"URL", value:"https://gitlab.com/gitlab-org/gitlab-foss/-/issues/25064");

  exit(0);
}

include("host_details.inc");
include("version_func.inc");

if ( isnull( port = get_app_port( cpe:CPE ) ) )
  exit( 0 );

if ( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )
  exit( 0 );

version = infos["version"];
location = infos["location"];

if ( version_in_range( version:version, test_version:"8.13.0", test_version2:"8.13.7" ) ) {
  report = report_fixed_ver( installed_version:version, fixed_version:"8.13.8", install_path:location );
  security_message( port:port, data:report );
  exit( 0 );
}

if ( version_in_range( version:version, test_version:"8.14.0", test_version2:"8.14.2" ) ) {
  report = report_fixed_ver( installed_version:version, fixed_version:"8.14.3", install_path:location );
  security_message( port:port, data:report );
  exit( 0 );
}

exit( 99 );