MidnightBSD

Advisories for greenbone

CVE-2011-0650 MEDIUM

Cross-site request forgery (CSRF) vulnerability in Greenbone Security Assistant (GSA) before 2.0+rc3 allows remote attackers to hijack the authentication of users for requests that send email via an OMP request to OpenVAS Manager. NOTE: this issue can be leveraged to bypass authentication requirements for exploiting CVE-2011-0018.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-352

Products Affected

Vendor Product Version
greenbone greenbone_security_assistant *

CVE-2016-1926 MEDIUM

Cross-site scripting (XSS) vulnerability in the charts module in Greenbone Security Assistant (GSA) 6.x before 6.0.8 allows remote attackers to inject arbitrary web script or HTML via the aggregate_type parameter in a get_aggregate command to omp.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
greenbone greenbone_security_assistant 6.0.1
greenbone greenbone_security_assistant 6.0.0
greenbone greenbone_os 3.1.18
greenbone greenbone_security_assistant 6.0.6
greenbone greenbone_security_assistant 6.0.3
greenbone greenbone_os 3.1.1
greenbone greenbone_os 3.1.7
greenbone greenbone_os 3.1.17
greenbone greenbone_os 3.1.23
greenbone greenbone_os 3.1.8
greenbone greenbone_os 3.1.20
fedoraproject fedora 23
greenbone greenbone_os 3.1.16
greenbone greenbone_security_assistant 6.0.4
greenbone greenbone_os 3.1.14
greenbone greenbone_os 3.1.19
greenbone greenbone_os 3.1.21
greenbone greenbone_os 3.1.22
greenbone greenbone_os 3.1.11
greenbone greenbone_security_assistant 6.0.7
greenbone greenbone_os 3.1.13
greenbone greenbone_os 3.1.12
greenbone greenbone_security_assistant 6.0.5
greenbone greenbone_security_assistant 6.0.2
greenbone greenbone_os 3.1.10
greenbone greenbone_os 3.1.15
greenbone greenbone_os 3.1.6
greenbone greenbone_os 3.1.9
fedoraproject fedora 22

CVE-2018-25016 HIGH

Greenbone Security Assistant (GSA) before 7.0.3 and Greenbone OS (GOS) before 5.0.0 allow Host Header Injection.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-74

Products Affected

Vendor Product Version
greenbone greenbone_os *
greenbone greenbone_security_assistant *

CVE-2019-25047 MEDIUM

Greenbone Security Assistant (GSA) before 8.0.2 and Greenbone OS (GOS) before 5.0.10 allow XSS during 404 URL handling in gsad.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.1 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N 2.8 2.7

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-79

Products Affected

Vendor Product Version
greenbone greenbone_os *
greenbone greenbone_security_assistant *