4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
26.0%
GitLab is prone to a directory traversal vulnerability.
# SPDX-FileCopyrightText: 2022 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-only
CPE = "cpe:/a:gitlab:gitlab";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.170084");
script_version("2023-12-06T05:06:11+0000");
script_tag(name:"last_modification", value:"2023-12-06 05:06:11 +0000 (Wed, 06 Dec 2023)");
script_tag(name:"creation_date", value:"2022-03-28 14:21:05 +0000 (Mon, 28 Mar 2022)");
script_tag(name:"cvss_base", value:"4.0");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:S/C:P/I:N/A:N");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2016-11-29 19:15:00 +0000 (Tue, 29 Nov 2016)");
script_cve_id("CVE-2016-9086");
script_tag(name:"qod_type", value:"remote_banner");
script_tag(name:"solution_type", value:"VendorFix");
script_name("GitLab 8.9.x - 8.10.12, 8.11.x - 8.11.9, 8.12.x - 8.12.7, 8.13.x - 8.13.2 Directory Traversal Vulnerability");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2022 Greenbone AG");
script_family("Web application abuses");
script_dependencies("gb_gitlab_consolidation.nasl");
script_mandatory_keys("gitlab/detected");
script_tag(name:"summary", value:"GitLab is prone to a directory traversal vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"Directory traversal via 'import/export' feature:
This feature did not properly check for symbolic links in user-provided archives and therefore it
was possible for an authenticated user to retrieve the contents of any file accessible to the
GitLab service account. This included sensitive files such as those that contain secret tokens
used by the GitLab service to authenticate users.");
script_tag(name:"affected", value:"GitLab version 8.9.x through 8.10.12, 8.11.x through 8.11.9,
8.12.x through 8.12.7 and 8.13.x through 8.13.2.");
script_tag(name:"solution", value:"Update to version 8.10.13, 8.11.10, 8.12.8, 8.13.3 or later.");
script_xref(name:"URL", value:"https://about.gitlab.com/releases/2016/11/02/cve-2016-9086-patches/");
script_xref(name:"URL", value:"https://gitlab.com/gitlab-org/gitlab-foss/-/issues/23822");
exit(0);
}
include("host_details.inc");
include("version_func.inc");
if( isnull( port = get_app_port( cpe:CPE ) ) )
exit( 0 );
if( ! infos = get_app_version_and_location( cpe:CPE, port:port, exit_no_version:TRUE ) )
exit( 0 );
version = infos["version"];
location = infos["location"];
if( version_in_range( version:version, test_version:"8.9.0", test_version2:"8.10.12" ) ) {
report = report_fixed_ver( installed_version:version, fixed_version:"8.10.13", install_path:location );
security_message( port:port, data:report );
exit( 0 );
}
if( version_in_range( version:version, test_version:"8.11.0", test_version2:"8.11.9" ) ) {
report = report_fixed_ver( installed_version:version, fixed_version:"8.11.10", install_path:location );
security_message( port:port, data:report );
exit( 0 );
}
if( version_in_range( version:version, test_version:"8.12.0", test_version2:"8.12.7" ) ) {
report = report_fixed_ver( installed_version:version, fixed_version:"8.12.8", install_path:location );
security_message( port:port, data:report );
exit( 0 );
}
if( version_in_range( version:version, test_version:"8.13.0", test_version2:"8.13.2" ) ) {
report = report_fixed_ver( installed_version:version, fixed_version:"8.13.3", install_path:location );
security_message( port:port, data:report );
exit( 0 );
}
exit( 99 );
4 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:S/C:P/I:N/A:N
6.5 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.001 Low
EPSS
Percentile
26.0%