5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
8 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.1%
GitLab is prone to a denial of service (DoS) vulnerability.
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:gitlab:gitlab";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.170085");
script_version("2023-12-06T05:06:11+0000");
script_tag(name:"last_modification", value:"2023-12-06 05:06:11 +0000 (Wed, 06 Dec 2023)");
script_tag(name:"creation_date", value:"2022-03-28 14:21:05 +0000 (Mon, 28 Mar 2022)");
script_tag(name:"cvss_base", value:"5.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:N/I:P/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-10-09 23:20:00 +0000 (Wed, 09 Oct 2019)");
script_cve_id("CVE-2016-9469");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("GitLab 8.13.x - 8.13.7, 8.14.x - 8.14.2 DoS Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_gitlab_consolidation.nasl");
script_mandatory_keys("gitlab/detected");
script_tag(name:"summary", value:"GitLab is prone to a denial of service (DoS) vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The state filter in the IssuableFinder class has the ability to
filter issues and merge requests by state. This filter is implemented by calling public_send with
unfiltered user input. This allows an attacker to call delete_all or destroy_all. Because the
method is called before the project / group scope is applied, it deletes all issues and merge
requests of the GitLab instance.");
script_tag(name:"impact", value:"Unauthenticated users could exploit this vulnerability on GitLab
instances with publicly available projects. Users with access to any project are able to delete all
issues and merge requests from all GitLab projects.");
script_tag(name:"affected", value:"GitLab version 8.13.x through 8.13.7 and 8.14.x through
8.14.2.");
script_tag(name:"solution", value:"Update to version 8.13.8, 8.14.3 or later.");
script_xref(name:"URL", value:"https://about.gitlab.com/releases/2016/12/05/cve-2016-9469/");
script_xref(name:"URL", value:"https://gitlab.com/gitlab-org/gitlab-foss/-/issues/25064");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if ( isnull( port = get_app_port( cpe:CPE ) ) )
exit( 0 );
if ( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )
exit( 0 );
version = infos["version"];
location = infos["location"];
if ( version_in_range( version:version, test_version:"8.13.0", test_version2:"8.13.7" ) ) {
report = report_fixed_ver( installed_version:version, fixed_version:"8.13.8", install_path:location );
security_message( port:port, data:report );
exit( 0 );
}
if ( version_in_range( version:version, test_version:"8.14.0", test_version2:"8.14.2" ) ) {
report = report_fixed_ver( installed_version:version, fixed_version:"8.14.3", install_path:location );
security_message( port:port, data:report );
exit( 0 );
}
exit( 99 );
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
8.2 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
LOW
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
8 High
AI Score
Confidence
High
0.002 Low
EPSS
Percentile
61.1%