Task #11711

closed
IM RJ

Security Vulnerability Scan 2023-05-18

Task #11711: Security Vulnerability Scan 2023-05-18

Added by ITG Mailmaster about 2 months ago. Updated about 2 months ago.

Status: Won't Fix
Priority: Minor
Assignee:
Start date: 06.03.2026
Due date:
% Done: 100%
Estimated time: (Total: 0:00 h)
SecReporter:
Originally created on: 19.05.2023
Originally updated on: 24.10.2023
Original due date:

Description

Hi!

An automated scan by the TUM IT Security team has discovered 28 vulnerabilities in your network (org:ASE).

If you have questions about the procedure or your scan results, please contact

it-sicherheit@tum.de

Please fix the reported issues as soon as you can.

Regards

RBG Systems Group

Report text of Greenbone Security Assistant:

############################################################

host: inventory.ase.cit.tum.de, ip: 131.159.89.189, tcp port: 443

  • 6.4 - Missing Secure Cookie Attribute (HTTP)
  • 2023-05-15T14:20:48Z - a66478df-1823-452e-8f8f-eb9db82388d0 - 1.3.6.1.4.1.25623.1.0.902661
    summary: The remote HTTP web server / application is missing to set the
    'Secure' cookie attribute for one or more sent HTTP cookie.
    problem: The cookies:

Set-Cookie: XSRF-TOKEN=eyJpdiI6Ik82ckc3TmxKamt3UmpwWFMwb1ZvbXc9PSIsInZhbHVlIjoiRzFKRi9OdkhhYTFwbHZ5ZTJsKy9Bem9KcmFUdmxsenk1QUFSeG5BdGVNWGVJR2NxdTFsbVdyNlZoYjBuVUM4SkF3K3R0Mlk0ek1Xb0c0K0J3TlpkcXRDU1J0NC9GVGFPMllvajduQjVpVzhMMGxxcnRQUmJhdFBHaHJIV3o1UFAiLCJtYWMiOiIzMDY4OTQ2YjZhYjBjZmJhOTIxYjA3MjAwNjk1YWU3NGM5N2UyZjE4MDhkYzBmNjQ3Mzg4ZTdkNjMyMGZkYjY5IiwidGFnIjoiIn0%3D; expires=Tue, 23-May-2023 22:23:13 GMT; Max-Age=replaced; path=/
Set-Cookie: snipeit_session=MGGqE9fwjHRF7EzjrDTWiDr2yy0klyPX6JyTS6N8; expires=Tue, 23-May-2023 22:23:13 GMT; Max-Age=replaced; path=/; httponly

are missing the "Secure" cookie attribute.

impact:

solution: Mitigation: Set the 'Secure' cookie attribute for any cookies that are sent
over a SSL/TLS connection.

############################################################

host: inventory.ase.cit.tum.de, ip: 131.159.89.189, tcp port: 443

  • 6.4 - Missing Secure Cookie Attribute (HTTP)
  • 2023-05-15T14:20:48Z - ecd99ac4-5bcf-498e-bc6f-9344aa6d6443 - 1.3.6.1.4.1.25623.1.0.902661
    summary: The remote HTTP web server / application is missing to set the
    'Secure' cookie attribute for one or more sent HTTP cookie.
    problem: The cookies:

Set-Cookie: XSRF-TOKEN=eyJpdiI6IjlhaXRyZ3VQOExZaWZFMVlFSGZUdXc9PSIsInZhbHVlIjoiQzVSTm54dU5jS21kQzFKMjkrNE5KQmozU0NBc29FTFprd2luSUF2aUFyQkxFbWpkRVd1VTdGOG9IOHNvN3E3dENUMjVUYUk3NUt3TmhYOGNaT0tGUXVQNHdEZUlSWnBoWEF4Q3QzaENPOWxzYS96TnRxdTJsNFoxeUZNYzgxVVUiLCJtYWMiOiJiY2M0NTY1ZjU1OTBjYzVlZTQ1ZGIwMzY5MDRiNDMwMWU4NWI5YjA0ZDEwODU3NzU0MTFiNmUyZDNiNjEyNDViIiwidGFnIjoiIn0%3D; expires=Tue, 23-May-2023 22:23:14 GMT; Max-Age=replaced; path=/
Set-Cookie: snipeit_session=BoeqCHFebv9zHbI91rwCuOGBe0as2VGi9rB4WcnC; expires=Tue, 23-May-2023 22:23:14 GMT; Max-Age=replaced; path=/; httponly

are missing the "Secure" cookie attribute.

impact:

solution: Mitigation: Set the 'Secure' cookie attribute for any cookies that are sent
over a SSL/TLS connection.

############################################################

host: inventory.ase.cit.tum.de, ip: 131.159.89.189, tcp port: 443

  • 6.4 - Missing Secure Cookie Attribute (HTTP)
  • 2023-05-15T14:20:48Z - ee62e447-0959-4d5a-8417-a5466c00a4f8 - 1.3.6.1.4.1.25623.1.0.902661
    summary: The remote HTTP web server / application is missing to set the
    'Secure' cookie attribute for one or more sent HTTP cookie.
    problem: The cookies:

Set-Cookie: XSRF-TOKEN=eyJpdiI6ImRJNWl0SzBMQkhHa2lNaVU1MG5BR1E9PSIsInZhbHVlIjoibHFOeEwxVElyZFZXek9DejkrU1lHeTk3eHhJV2UvWG5xM1hzZzBKalhnbE0xbW14V2VSL2M3Qm93amFBUWpOd21MUXNWd3Jiajlmam1LcWppT2I0Z3VEb0NObFJjSHZBS2UvTmRuOWQ5RXU3UW5OdldxZTBLSVpMUmFINU9YMFoiLCJtYWMiOiI4ZTQ4ZTQ5MDZhNGQwOTQwNmJhNTcyYTE1YTNkYzdjMzE4NjJjYzQ3OThkNWNjNmE3MmI4YmY2OTUyZDg2MWU1IiwidGFnIjoiIn0%3D; expires=Tue, 23-May-2023 22:23:13 GMT; Max-Age=replaced; path=/
Set-Cookie: snipeit_session=GM0pUqhWsksS758LI9mNCs1rOCsT5MSJ2dehKUlr; expires=Tue, 23-May-2023 22:23:13 GMT; Max-Age=replaced; path=/; httponly

are missing the "Secure" cookie attribute.

impact:

solution: Mitigation: Set the 'Secure' cookie attribute for any cookies that are sent
over a SSL/TLS connection.

############################################################

host: vmbhatotia148.in.tum.de, ip: 131.159.89.187, tcp port: 1883

  • 6.4 - MQTT Broker Does Not Require Authentication
  • 2023-05-15T14:34:09Z - 14f38e82-50e7-4303-a6f9-c15e528b8c46 - 1.3.6.1.4.1.25623.1.0.140167
    summary: The remote MQTT broker does not require authentication.
    problem: Vulnerability was detected according to the Vulnerability Detection Method.
    impact:

solution: Mitigation: Enable authentication.

############################################################

host: traefik.survey.ase.cs.tum.edu, ip: 131.159.89.172, tcp port: 443

  • 6.4 - Missing Secure Cookie Attribute (HTTP)
  • 2023-05-15T11:16:21Z - 058dd816-81ad-4666-b8d1-036bbc87f347 - 1.3.6.1.4.1.25623.1.0.902661
    summary: The remote HTTP web server / application is missing to set the
    'Secure' cookie attribute for one or more sent HTTP cookie.
    problem: The cookies:

Set-Cookie: PHPSESSID=replaced; path=/; HttpOnly

are missing the "Secure" cookie attribute.

impact:

solution: Mitigation: Set the 'Secure' cookie attribute for any cookies that are sent
over a SSL/TLS connection.

############################################################

host: dse.cs.tum.edu, ip: 131.159.89.173, tcp port: 443

  • 6.1 - WordPress Elementor Page Builder Plugin <= 3.5.5 XSS Vulnerability
  • 2023-05-15T11:24:18Z - 26292b1e-e620-49b1-8913-346ab029c68b - 1.3.6.1.4.1.25623.1.0.126057
    summary: The WordPress plugin 'Elementor Page Builder' is prone
    to a cross-site scripting (XSS) vulnerability.
    problem: Installed version: 3.5.5
    Fixed version: 3.5.6
    Installation
    path / port: /wp-content/plugins/elementor

impact: An attacker could do the following: account takeovers,
executing javascript on victim's behalf, SOAP bypass, CORS bypass, Defacement.

solution: VendorFix: Update to version 3.5.6 or later.

############################################################

host: dse.cs.tum.edu, ip: 131.159.89.173, tcp port: 443

  • 5.5 - WordPress Popup Maker Plugin < 1.16.9 Multiple XSS Vulnerabilities
  • 2023-05-15T11:24:18Z - 2bbd4221-ed4f-4aa2-b421-ce9794867d9b - 1.3.6.1.4.1.25623.1.0.170320
    summary: The WordPress plugin 'Popup Maker' is prone to multiple cross-site
    scripting (XSS) vulnerabilities.
    problem: Installed version: 1.16.4
    Fixed version: 1.16.9
    Installation
    path / port: /wp-content/plugins/popup-maker

impact:

solution: VendorFix: Update to version 1.16.9 or later.

############################################################

host: inventory.ase.cit.tum.de, ip: 131.159.89.189, tcp port: 80

  • 5.0 - Missing HttpOnly Cookie Attribute (HTTP)
  • 2023-05-15T14:20:48Z - 5c2bdb62-acc8-4bda-b205-2b80ab865555 - 1.3.6.1.4.1.25623.1.0.105925
    summary: The remote HTTP web server / application is missing to set the
    'HttpOnly' cookie attribute for one or more sent HTTP cookie.
    problem: The cookies:

Set-Cookie: XSRF-TOKEN=eyJpdiI6IlhmQ1YyVkZWRTRqdlA5eURyWU95ZWc9PSIsInZhbHVlIjoicTBxeFA0UHVCakYyMFo0cjl5bVBjWkw5dEFpaG1ZK0gxYTFGWnBvc3R1U2kzYVdHU2JranQvY3NQNkJjYjJ6dUVpRnZ1MlRWd2p2cGUwUDZIMlE1eXJZcEk4UXpKazNkRzFLSWZOVi9sait5SGVBNFlyVWc2WWsvZUVCa3FKSWwiLCJtYWMiOiI2ZmVmOTI2NTEzMTBlNzJiNmY1MjViZGFjMTEzOWQ4ZDdhMzA4ODkzY2QzZjRiMmRlMTk5NDU1YTQ0ZjI4NTA4IiwidGFnIjoiIn0%3D; expires=Tue, 23-May-2023 22:23:15 GMT; Max-Age=replaced; path=/

are missing the "HttpOnly" attribute.

impact:

solution: Mitigation: Set the 'HttpOnly' attribute for any session cookie.

############################################################

host: inventory.ase.cit.tum.de, ip: 131.159.89.189, tcp port: 80

  • 5.0 - Missing HttpOnly Cookie Attribute (HTTP)
  • 2023-05-15T14:20:48Z - 2e6f53d3-b26a-4bd0-8b19-8c0768e50042 - 1.3.6.1.4.1.25623.1.0.105925
    summary: The remote HTTP web server / application is missing to set the
    'HttpOnly' cookie attribute for one or more sent HTTP cookie.
    problem: The cookies:

Set-Cookie: XSRF-TOKEN=eyJpdiI6IkhScFhWbE9scjhvNkhGNy9Eb3dKamc9PSIsInZhbHVlIjoiSTFaRzhiak5yQjlZTE1MU2JidVpsRWJueHAvUlBRbTRmK2RnV2RKMUF3UnhwcFc0YkZLRVNIWWU1QmI0dU1qcHJlWjJiNWlnWHhhVy91VjR5NTBCWSswV1JrZ3hHQitFcXRGcUpuOGxNNzc5RWpnMFNhUE03WVJLeGExZ290WlMiLCJtYWMiOiI1ZDU4MzNjYWQwMDQwYzE0OGEyNzc4ZmY5MTQzZjcyOTA5ZmVhZGIwOWIyZGY0ZTMwNjEyMGE2NzhmNWE2OWY1IiwidGFnIjoiIn0%3D; expires=Tue, 23-May-2023 22:23:15 GMT; Max-Age=replaced; path=/

are missing the "HttpOnly" attribute.

impact:

solution: Mitigation: Set the 'HttpOnly' attribute for any session cookie.

############################################################

host: inventory.ase.cit.tum.de, ip: 131.159.89.189, tcp port: 80

  • 5.0 - Missing HttpOnly Cookie Attribute (HTTP)
  • 2023-05-15T14:20:48Z - a31438d4-24ad-4897-b58d-c4c8d8b40502 - 1.3.6.1.4.1.25623.1.0.105925
    summary: The remote HTTP web server / application is missing to set the
    'HttpOnly' cookie attribute for one or more sent HTTP cookie.
    problem: The cookies:

Set-Cookie: XSRF-TOKEN=eyJpdiI6Im42U1pEQmlKNTRHTVA1MXgzSUdvZ2c9PSIsInZhbHVlIjoiWTQ3VHRhcnR4TE5GNHlWMU9wNkRXc1BYN3JJZFdSczM2REpFZkVrVERJdlpGUjYyMXJzTUZPTDAxSEV4a2dvenJndDY2c0Ntdk5wWWR2U3A4bmhOTlJEK1JHMjZwWHpzZDkvTmlMSW83SXVYWlU2QzVDV1dDTlV6MndqSk1sMTAiLCJtYWMiOiJlZDdkYzEzOTY3ZjlhZTY2MzRjN2FiMmU1NmI4Y2M2NTE3NGIyODJjYjNhYTcxYzdiNzZkMDY1OTkzNmI5MDIxIiwidGFnIjoiIn0%3D; expires=Tue, 23-May-2023 22:21:11 GMT; Max-Age=replaced; path=/

are missing the "HttpOnly" attribute.

impact:

solution: Mitigation: Set the 'HttpOnly' attribute for any session cookie.

############################################################

host: inventory.ase.cit.tum.de, ip: 131.159.89.189, tcp port: 443

  • 5.0 - Missing HttpOnly Cookie Attribute (HTTP)
  • 2023-05-15T14:20:48Z - ee973ff2-9ff5-42ac-8875-33d72cae6b9d - 1.3.6.1.4.1.25623.1.0.105925
    summary: The remote HTTP web server / application is missing to set the
    'HttpOnly' cookie attribute for one or more sent HTTP cookie.
    problem: The cookies:

Set-Cookie: XSRF-TOKEN=eyJpdiI6IjlhaXRyZ3VQOExZaWZFMVlFSGZUdXc9PSIsInZhbHVlIjoiQzVSTm54dU5jS21kQzFKMjkrNE5KQmozU0NBc29FTFprd2luSUF2aUFyQkxFbWpkRVd1VTdGOG9IOHNvN3E3dENUMjVUYUk3NUt3TmhYOGNaT0tGUXVQNHdEZUlSWnBoWEF4Q3QzaENPOWxzYS96TnRxdTJsNFoxeUZNYzgxVVUiLCJtYWMiOiJiY2M0NTY1ZjU1OTBjYzVlZTQ1ZGIwMzY5MDRiNDMwMWU4NWI5YjA0ZDEwODU3NzU0MTFiNmUyZDNiNjEyNDViIiwidGFnIjoiIn0%3D; expires=Tue, 23-May-2023 22:23:14 GMT; Max-Age=replaced; path=/

are missing the "HttpOnly" attribute.

impact:

solution: Mitigation: Set the 'HttpOnly' attribute for any session cookie.

############################################################

host: inventory.ase.cit.tum.de, ip: 131.159.89.189, tcp port: 443

  • 5.0 - Missing HttpOnly Cookie Attribute (HTTP)
  • 2023-05-15T14:20:48Z - d56fdad6-09a3-4bf6-a719-085e898d0097 - 1.3.6.1.4.1.25623.1.0.105925
    summary: The remote HTTP web server / application is missing to set the
    'HttpOnly' cookie attribute for one or more sent HTTP cookie.
    problem: The cookies:

Set-Cookie: XSRF-TOKEN=eyJpdiI6ImRJNWl0SzBMQkhHa2lNaVU1MG5BR1E9PSIsInZhbHVlIjoibHFOeEwxVElyZFZXek9DejkrU1lHeTk3eHhJV2UvWG5xM1hzZzBKalhnbE0xbW14V2VSL2M3Qm93amFBUWpOd21MUXNWd3Jiajlmam1LcWppT2I0Z3VEb0NObFJjSHZBS2UvTmRuOWQ5RXU3UW5OdldxZTBLSVpMUmFINU9YMFoiLCJtYWMiOiI4ZTQ4ZTQ5MDZhNGQwOTQwNmJhNTcyYTE1YTNkYzdjMzE4NjJjYzQ3OThkNWNjNmE3MmI4YmY2OTUyZDg2MWU1IiwidGFnIjoiIn0%3D; expires=Tue, 23-May-2023 22:23:13 GMT; Max-Age=replaced; path=/

are missing the "HttpOnly" attribute.

impact:

solution: Mitigation: Set the 'HttpOnly' attribute for any session cookie.

############################################################

host: inventory.ase.cit.tum.de, ip: 131.159.89.189, tcp port: 443

  • 5.0 - Missing HttpOnly Cookie Attribute (HTTP)
  • 2023-05-15T14:20:48Z - bd3a2a97-7504-4d2a-9cc1-0fc6887a54e4 - 1.3.6.1.4.1.25623.1.0.105925
    summary: The remote HTTP web server / application is missing to set the
    'HttpOnly' cookie attribute for one or more sent HTTP cookie.
    problem: The cookies:

Set-Cookie: XSRF-TOKEN=eyJpdiI6Ik82ckc3TmxKamt3UmpwWFMwb1ZvbXc9PSIsInZhbHVlIjoiRzFKRi9OdkhhYTFwbHZ5ZTJsKy9Bem9KcmFUdmxsenk1QUFSeG5BdGVNWGVJR2NxdTFsbVdyNlZoYjBuVUM4SkF3K3R0Mlk0ek1Xb0c0K0J3TlpkcXRDU1J0NC9GVGFPMllvajduQjVpVzhMMGxxcnRQUmJhdFBHaHJIV3o1UFAiLCJtYWMiOiIzMDY4OTQ2YjZhYjBjZmJhOTIxYjA3MjAwNjk1YWU3NGM5N2UyZjE4MDhkYzBmNjQ3Mzg4ZTdkNjMyMGZkYjY5IiwidGFnIjoiIn0%3D; expires=Tue, 23-May-2023 22:23:13 GMT; Max-Age=replaced; path=/

are missing the "HttpOnly" attribute.

impact:

solution: Mitigation: Set the 'HttpOnly' attribute for any session cookie.

############################################################

host: moodle.ase.cs.tum.edu, ip: 131.159.89.183, tcp port: 443

  • 5.0 - Missing HttpOnly Cookie Attribute (HTTP)
  • 2023-05-15T13:16:25Z - a25737cc-6d7c-48fe-b0a1-ea3d710bb01b - 1.3.6.1.4.1.25623.1.0.105925
    summary: The remote HTTP web server / application is missing to set the
    'HttpOnly' cookie attribute for one or more sent HTTP cookie.
    problem: The cookies:

Set-Cookie: MoodleSession=replaced; path=/; secure

are missing the "HttpOnly" attribute.

impact:

solution: Mitigation: Set the 'HttpOnly' attribute for any session cookie.

############################################################

host: moodle.ase.cs.tum.edu, ip: 131.159.89.183, tcp port: 443

  • 5.0 - Source Control Management (SCM) Files Accessible (HTTP)
  • 2023-05-15T13:16:25Z - 5ce201dc-f82b-4da1-9003-6c885d40e4c5 - 1.3.6.1.4.1.25623.1.0.111084
    summary: The script attempts to identify files of a SCM accessible
    at the webserver.
    problem: The following SCM files/folders were identified:

Match: 0000000000000000000000000000000000000000 1f6ab2b67640ce4f5038c100fbd626f9b4954f7a root 1656435832 +0200 clone: from git://git.moodle.org/moodle.git
1f6ab2b67640ce4f5038c100fbd626f9b4954f7a cda2e481342ba0644f665ff8e91342abb009192a root 1668180765 +0100 checkout: moving from MOODLE_311_STABLE to MOODLE_400_STABLE
cda2e481342ba0644f665ff8e91342abb009192a a2b88160d77b122fdd945bb9ed5d82a850a3adb6 root 1675437321 +0100 pull: Fast-forward
a2b88160d77b122fdd945bb9ed5d82a850a3adb6 cb6dc699b8ed9d29dcd9cd400fb96647a471e87a root 1675437385 +0100 checkout: moving from MOODLE_400_STABLE to origin/MOODLE_401_STABLE
URL: https://moodle.ase.in.tum.de/.git/logs/HEAD
Match: [core]
[remote "origin"]
[branch "MOODLE_311_STABLE"]
[branch "MOODLE_400_STABLE"]
URL: https://moodle.ase.in.tum.de/.git/config
Match: # git ls-files --others --exclude-from=.git/info/exclude
URL: https://moodle.ase.in.tum.de/.git/info/exclude
Match: Unnamed repository; edit this file 'description' to name the repository.
URL: https://moodle.ase.in.tum.de/.git/description
Match: a2b88160d77b122fdd945bb9ed5d82a850a3adb6 branch 'MOODLE_400_STABLE' of git://git.moodle.org/moodle
ec6ed8e4cfa7babc64039869ccc7fa7869a9dc53 not-for-merge branch 'MOODLE_13_STABLE' of git://git.moodle.org/moodle
ff8ed9e11863df18a2ca571195e8c9b0e660a9bf not-for-merge branch 'MOODLE_14_STABLE' of git://git.moodle.org/moodle
20ea0682124c3117ea04f8d83a4fb84747b30437 not-for-merge branch 'MOODLE_15_STABLE' of git://git.moodle.org/moodle
fb1a72d5c2fc61a4dbb9a213d78c6b75fc0098d6 not-for-merge branch 'MOODLE_16_STABLE' of git://git.moodle.org/moodle
cb6d0894c33e0cf9193f05f7c615b1902b371c75 not-for-merge branch 'MOODLE_17_STABLE' of git://git.moodle.org/moodle
91a49999829e23f08502a646d84eb0333405cc16 not-for-merge branch 'MOODLE_18_STABLE' of git://git.moodle.org/moodle
572729aaa5b23c087f712e4fe4c43fa5d7cc1853 not-for-merge branch 'MOODLE_19_STABLE' of git://git.moodle.org/moodle
c4f6df5a1ac39818b6988890d36896e049b0e99d not-for-merge branch 'MOODLE_20_STABLE' of git://git.moodle.org/moodle
6ccbbe593649ce5d5a47d8046f2e30c739cd2a20 not-for-merge branch 'MOODLE_21_STABLE' of git://git.moodle.org/moodle
9c458edc33577cee5fee343333aa00a7b54fcfdd not-for-merge branch 'MOODLE_22_STABLE' of git://git.moodle.org/moodle
cbb12cf9724a0d7248a9ab81eea51fbb3a1eb59c not-for-merge branch 'MOODLE_23_STABLE' of git://git.moodle.org/moodle
928f14b3cc509b9ad27b3172a8417e2ffe03ce72 not-for-merge branch 'MOODLE_24_STABLE' of git://git.moodle.org/moodle
e4a9d2b9f62391813478f0f048de1ea769c1d565 not-for-merge branch 'MOODLE_25_STABLE' of git://git.moodle.org/moodle
97c956f97073448db95ce87aef04d9740989c645 not-for-merge branch 'MOODLE_26_STABLE' of git://git.moodle.org/moodle
54a393ab62c9ac86b08bc7130a80dd8685ff0adf not-for-merge branch 'MOODLE_27_STABLE' of git://git.moodle.org/moodle
aba54964abec2081ba139ad0ea1a4f5627c24fa7 not-for-merge branch 'MOODLE_28_STABLE' of git://git.moodle.org/moodle
382d80646b7efbcae6f80a1b78ebdad78f5fd24e not-for-merge branch 'MOODLE_29_STABLE' of git://git.moodle.org/moodle
0bd0ee444a07818fc495c95697ea1ec1a6abeefb not-for-merge branch 'MOODLE_30_STABLE' of git://git.moodle.org/moodle
3c33177dd21e3a46e8825b2df3cb3476936b68ee not-for-merge branch 'MOODLE_310_STABLE' of git://git.moodle.org/moodle
fa6c77adc74a94ef7e935b985832589a092e4083 not-for-merge branch 'MOODLE_311_STABLE' of git://git.moodle.org/moodle
92e218fd8adafbe8822dbc0e611b540f71764792 not-for-merge branch 'MOODLE_31_STABLE' of git://git.moodle.org/moodle
45f418c1fb6b133e024cc09b346936e80b125078 not-for-merge branch 'MOODLE_32_STABLE' of git://git.moodle.org/moodle
ae82333cf25219ba627538f7e8de72f0b4028460 not-for-merge branch 'MOODLE_33_STABLE' of git://git.moodle.org/moodle
9650f3f56f74941b1ed03833a9e0f55cc7bb7082 not-for-merge branch 'MOODLE_34_STABLE' of git://git.moodle.org/moodle
22984eaeccf9ccd72572cc4cc51ae9372cefa06d not-for-merge branch 'MOODLE_35_STABLE' of git://git.moodle.org/moodle
940aa17049aa429b03cd39a241f6e90c0b1190b7 not-for-merge branch 'MOODLE_36_STABLE' of git://git.moodle.org/moodle
3517c9c9ad10ee2ca233ef4ed8c2a429798b9dd0 not-for-merge branch 'MOODLE_37_STABLE' of git://git.moodle.org/moodle
49648fdf30aae05b61604a12549436cee8c96436 not-for-merge branch 'MOODLE_38_STABLE' of git://git.moodle.org/moodle
e23d81ca404f4ef27e1e10d87b3ea7b9f8dce4a7 not-for-merge branch 'MOODLE_39_STABLE' of git://git.moodle.org/moodle
cb6dc699b8ed9d29dcd9cd400fb96647a471e87a not-for-merge branch 'MOODLE_401_STABLE' of git://git.moodle.org/moodle
0780e87f06eb834786f562316ad9699480bcd24e not-for-merge branch 'master' of git://git.moodle.org/moodle
URL: https://moodle.ase.in.tum.de/.git/FETCH_HEAD
Match: cda2e481342ba0644f665ff8e91342abb009192a
URL: https://moodle.ase.in.tum.de/.git/ORIG_HEAD

impact: Based on the information provided in these files an attacker might
be able to gather additional info about the structure of the system and its applications.

solution: Mitigation: Restrict access to the SCM files for authorized systems only.

############################################################

host: moodle.ase.cs.tum.edu, ip: 131.159.89.183, tcp port: 443

  • 5.0 - Source Control Management (SCM) Files Accessible (HTTP)
  • 2023-05-15T13:16:25Z - 725a474b-c319-487a-9768-0a5871c7b5bc - 1.3.6.1.4.1.25623.1.0.111084
    summary: The script attempts to identify files of a SCM accessible
    at the webserver.
    problem: The following SCM files/folders were identified:

Match: 0000000000000000000000000000000000000000 1f6ab2b67640ce4f5038c100fbd626f9b4954f7a root 1656435832 +0200 clone: from git://git.moodle.org/moodle.git
1f6ab2b67640ce4f5038c100fbd626f9b4954f7a cda2e481342ba0644f665ff8e91342abb009192a root 1668180765 +0100 checkout: moving from MOODLE_311_STABLE to MOODLE_400_STABLE
cda2e481342ba0644f665ff8e91342abb009192a a2b88160d77b122fdd945bb9ed5d82a850a3adb6 root 1675437321 +0100 pull: Fast-forward
a2b88160d77b122fdd945bb9ed5d82a850a3adb6 cb6dc699b8ed9d29dcd9cd400fb96647a471e87a root 1675437385 +0100 checkout: moving from MOODLE_400_STABLE to origin/MOODLE_401_STABLE
URL: https://moodle.ase.cs.tum.edu/.git/logs/HEAD
Match: [core]
[remote "origin"]
[branch "MOODLE_311_STABLE"]
[branch "MOODLE_400_STABLE"]
URL: https://moodle.ase.cs.tum.edu/.git/config
Match: # git ls-files --others --exclude-from=.git/info/exclude
URL: https://moodle.ase.cs.tum.edu/.git/info/exclude
Match: Unnamed repository; edit this file 'description' to name the repository.
URL: https://moodle.ase.cs.tum.edu/.git/description
Match: a2b88160d77b122fdd945bb9ed5d82a850a3adb6 branch 'MOODLE_400_STABLE' of git://git.moodle.org/moodle
ec6ed8e4cfa7babc64039869ccc7fa7869a9dc53 not-for-merge branch 'MOODLE_13_STABLE' of git://git.moodle.org/moodle
ff8ed9e11863df18a2ca571195e8c9b0e660a9bf not-for-merge branch 'MOODLE_14_STABLE' of git://git.moodle.org/moodle
20ea0682124c3117ea04f8d83a4fb84747b30437 not-for-merge branch 'MOODLE_15_STABLE' of git://git.moodle.org/moodle
fb1a72d5c2fc61a4dbb9a213d78c6b75fc0098d6 not-for-merge branch 'MOODLE_16_STABLE' of git://git.moodle.org/moodle
cb6d0894c33e0cf9193f05f7c615b1902b371c75 not-for-merge branch 'MOODLE_17_STABLE' of git://git.moodle.org/moodle
91a49999829e23f08502a646d84eb0333405cc16 not-for-merge branch 'MOODLE_18_STABLE' of git://git.moodle.org/moodle
572729aaa5b23c087f712e4fe4c43fa5d7cc1853 not-for-merge branch 'MOODLE_19_STABLE' of git://git.moodle.org/moodle
c4f6df5a1ac39818b6988890d36896e049b0e99d not-for-merge branch 'MOODLE_20_STABLE' of git://git.moodle.org/moodle
6ccbbe593649ce5d5a47d8046f2e30c739cd2a20 not-for-merge branch 'MOODLE_21_STABLE' of git://git.moodle.org/moodle
9c458edc33577cee5fee343333aa00a7b54fcfdd not-for-merge branch 'MOODLE_22_STABLE' of git://git.moodle.org/moodle
cbb12cf9724a0d7248a9ab81eea51fbb3a1eb59c not-for-merge branch 'MOODLE_23_STABLE' of git://git.moodle.org/moodle
928f14b3cc509b9ad27b3172a8417e2ffe03ce72 not-for-merge branch 'MOODLE_24_STABLE' of git://git.moodle.org/moodle
e4a9d2b9f62391813478f0f048de1ea769c1d565 not-for-merge branch 'MOODLE_25_STABLE' of git://git.moodle.org/moodle
97c956f97073448db95ce87aef04d9740989c645 not-for-merge branch 'MOODLE_26_STABLE' of git://git.moodle.org/moodle
54a393ab62c9ac86b08bc7130a80dd8685ff0adf not-for-merge branch 'MOODLE_27_STABLE' of git://git.moodle.org/moodle
aba54964abec2081ba139ad0ea1a4f5627c24fa7 not-for-merge branch 'MOODLE_28_STABLE' of git://git.moodle.org/moodle
382d80646b7efbcae6f80a1b78ebdad78f5fd24e not-for-merge branch 'MOODLE_29_STABLE' of git://git.moodle.org/moodle
0bd0ee444a07818fc495c95697ea1ec1a6abeefb not-for-merge branch 'MOODLE_30_STABLE' of git://git.moodle.org/moodle
3c33177dd21e3a46e8825b2df3cb3476936b68ee not-for-merge branch 'MOODLE_310_STABLE' of git://git.moodle.org/moodle
fa6c77adc74a94ef7e935b985832589a092e4083 not-for-merge branch 'MOODLE_311_STABLE' of git://git.moodle.org/moodle
92e218fd8adafbe8822dbc0e611b540f71764792 not-for-merge branch 'MOODLE_31_STABLE' of git://git.moodle.org/moodle
45f418c1fb6b133e024cc09b346936e80b125078 not-for-merge branch 'MOODLE_32_STABLE' of git://git.moodle.org/moodle
ae82333cf25219ba627538f7e8de72f0b4028460 not-for-merge branch 'MOODLE_33_STABLE' of git://git.moodle.org/moodle
9650f3f56f74941b1ed03833a9e0f55cc7bb7082 not-for-merge branch 'MOODLE_34_STABLE' of git://git.moodle.org/moodle
22984eaeccf9ccd72572cc4cc51ae9372cefa06d not-for-merge branch 'MOODLE_35_STABLE' of git://git.moodle.org/moodle
940aa17049aa429b03cd39a241f6e90c0b1190b7 not-for-merge branch 'MOODLE_36_STABLE' of git://git.moodle.org/moodle
3517c9c9ad10ee2ca233ef4ed8c2a429798b9dd0 not-for-merge branch 'MOODLE_37_STABLE' of git://git.moodle.org/moodle
49648fdf30aae05b61604a12549436cee8c96436 not-for-merge branch 'MOODLE_38_STABLE' of git://git.moodle.org/moodle
e23d81ca404f4ef27e1e10d87b3ea7b9f8dce4a7 not-for-merge branch 'MOODLE_39_STABLE' of git://git.moodle.org/moodle
cb6dc699b8ed9d29dcd9cd400fb96647a471e87a not-for-merge branch 'MOODLE_401_STABLE' of git://git.moodle.org/moodle
0780e87f06eb834786f562316ad9699480bcd24e not-for-merge branch 'master' of git://git.moodle.org/moodle
URL: https://moodle.ase.cs.tum.edu/.git/FETCH_HEAD
Match: cda2e481342ba0644f665ff8e91342abb009192a
URL: https://moodle.ase.cs.tum.edu/.git/ORIG_HEAD

impact: Based on the information provided in these files an attacker might
be able to gather additional info about the structure of the system and its applications.

solution: Mitigation: Restrict access to the SCM files for authorized systems only.

############################################################

host: moodle.ase.cs.tum.edu, ip: 131.159.89.183, tcp port: 443

  • 5.0 - Missing HttpOnly Cookie Attribute (HTTP)
  • 2023-05-15T13:16:25Z - ac7a41ab-cd3b-4012-a000-7725a8b9ae09 - 1.3.6.1.4.1.25623.1.0.105925
    summary: The remote HTTP web server / application is missing to set the
    'HttpOnly' cookie attribute for one or more sent HTTP cookie.
    problem: The cookies:

Set-Cookie: MoodleSession=replaced; path=/; secure

are missing the "HttpOnly" attribute.

impact:

solution: Mitigation: Set the 'HttpOnly' attribute for any session cookie.

############################################################

host: moodle.ase.cs.tum.edu, ip: 131.159.89.183, tcp port: 443

  • 5.0 - Missing HttpOnly Cookie Attribute (HTTP)
  • 2023-05-15T13:16:25Z - cbf152b2-2f4e-430d-8e13-a3872550c7b7 - 1.3.6.1.4.1.25623.1.0.105925
    summary: The remote HTTP web server / application is missing to set the
    'HttpOnly' cookie attribute for one or more sent HTTP cookie.
    problem: The cookies:

Set-Cookie: MoodleSession=replaced; path=/; secure

are missing the "HttpOnly" attribute.

impact:

solution: Mitigation: Set the 'HttpOnly' attribute for any session cookie.

############################################################

host: moodle.ase.cs.tum.edu, ip: 131.159.89.183, tcp port: 443

  • 5.0 - Source Control Management (SCM) Files Accessible (HTTP)
  • 2023-05-15T13:16:25Z - 0feaa0fd-e98c-41ae-8d4f-07135389af7d - 1.3.6.1.4.1.25623.1.0.111084
    summary: The script attempts to identify files of a SCM accessible
    at the webserver.
    problem: The following SCM files/folders were identified:

Match: 0000000000000000000000000000000000000000 1f6ab2b67640ce4f5038c100fbd626f9b4954f7a root 1656435832 +0200 clone: from git://git.moodle.org/moodle.git
1f6ab2b67640ce4f5038c100fbd626f9b4954f7a cda2e481342ba0644f665ff8e91342abb009192a root 1668180765 +0100 checkout: moving from MOODLE_311_STABLE to MOODLE_400_STABLE
cda2e481342ba0644f665ff8e91342abb009192a a2b88160d77b122fdd945bb9ed5d82a850a3adb6 root 1675437321 +0100 pull: Fast-forward
a2b88160d77b122fdd945bb9ed5d82a850a3adb6 cb6dc699b8ed9d29dcd9cd400fb96647a471e87a root 1675437385 +0100 checkout: moving from MOODLE_400_STABLE to origin/MOODLE_401_STABLE
URL: https://vmbhatotia124.in.tum.de/.git/logs/HEAD
Match: [core]
[remote "origin"]
[branch "MOODLE_311_STABLE"]
[branch "MOODLE_400_STABLE"]
URL: https://vmbhatotia124.in.tum.de/.git/config
Match: # git ls-files --others --exclude-from=.git/info/exclude
URL: https://vmbhatotia124.in.tum.de/.git/info/exclude
Match: Unnamed repository; edit this file 'description' to name the repository.
URL: https://vmbhatotia124.in.tum.de/.git/description
Match: a2b88160d77b122fdd945bb9ed5d82a850a3adb6 branch 'MOODLE_400_STABLE' of git://git.moodle.org/moodle
ec6ed8e4cfa7babc64039869ccc7fa7869a9dc53 not-for-merge branch 'MOODLE_13_STABLE' of git://git.moodle.org/moodle
ff8ed9e11863df18a2ca571195e8c9b0e660a9bf not-for-merge branch 'MOODLE_14_STABLE' of git://git.moodle.org/moodle
20ea0682124c3117ea04f8d83a4fb84747b30437 not-for-merge branch 'MOODLE_15_STABLE' of git://git.moodle.org/moodle
fb1a72d5c2fc61a4dbb9a213d78c6b75fc0098d6 not-for-merge branch 'MOODLE_16_STABLE' of git://git.moodle.org/moodle
cb6d0894c33e0cf9193f05f7c615b1902b371c75 not-for-merge branch 'MOODLE_17_STABLE' of git://git.moodle.org/moodle
91a49999829e23f08502a646d84eb0333405cc16 not-for-merge branch 'MOODLE_18_STABLE' of git://git.moodle.org/moodle
572729aaa5b23c087f712e4fe4c43fa5d7cc1853 not-for-merge branch 'MOODLE_19_STABLE' of git://git.moodle.org/moodle
c4f6df5a1ac39818b6988890d36896e049b0e99d not-for-merge branch 'MOODLE_20_STABLE' of git://git.moodle.org/moodle
6ccbbe593649ce5d5a47d8046f2e30c739cd2a20 not-for-merge branch 'MOODLE_21_STABLE' of git://git.moodle.org/moodle
9c458edc33577cee5fee343333aa00a7b54fcfdd not-for-merge branch 'MOODLE_22_STABLE' of git://git.moodle.org/moodle
cbb12cf9724a0d7248a9ab81eea51fbb3a1eb59c not-for-merge branch 'MOODLE_23_STABLE' of git://git.moodle.org/moodle
928f14b3cc509b9ad27b3172a8417e2ffe03ce72 not-for-merge branch 'MOODLE_24_STABLE' of git://git.moodle.org/moodle
e4a9d2b9f62391813478f0f048de1ea769c1d565 not-for-merge branch 'MOODLE_25_STABLE' of git://git.moodle.org/moodle
97c956f97073448db95ce87aef04d9740989c645 not-for-merge branch 'MOODLE_26_STABLE' of git://git.moodle.org/moodle
54a393ab62c9ac86b08bc7130a80dd8685ff0adf not-for-merge branch 'MOODLE_27_STABLE' of git://git.moodle.org/moodle
aba54964abec2081ba139ad0ea1a4f5627c24fa7 not-for-merge branch 'MOODLE_28_STABLE' of git://git.moodle.org/moodle
382d80646b7efbcae6f80a1b78ebdad78f5fd24e not-for-merge branch 'MOODLE_29_STABLE' of git://git.moodle.org/moodle
0bd0ee444a07818fc495c95697ea1ec1a6abeefb not-for-merge branch 'MOODLE_30_STABLE' of git://git.moodle.org/moodle
3c33177dd21e3a46e8825b2df3cb3476936b68ee not-for-merge branch 'MOODLE_310_STABLE' of git://git.moodle.org/moodle
fa6c77adc74a94ef7e935b985832589a092e4083 not-for-merge branch 'MOODLE_311_STABLE' of git://git.moodle.org/moodle
92e218fd8adafbe8822dbc0e611b540f71764792 not-for-merge branch 'MOODLE_31_STABLE' of git://git.moodle.org/moodle
45f418c1fb6b133e024cc09b346936e80b125078 not-for-merge branch 'MOODLE_32_STABLE' of git://git.moodle.org/moodle
ae82333cf25219ba627538f7e8de72f0b4028460 not-for-merge branch 'MOODLE_33_STABLE' of git://git.moodle.org/moodle
9650f3f56f74941b1ed03833a9e0f55cc7bb7082 not-for-merge branch 'MOODLE_34_STABLE' of git://git.moodle.org/moodle
22984eaeccf9ccd72572cc4cc51ae9372cefa06d not-for-merge branch 'MOODLE_35_STABLE' of git://git.moodle.org/moodle
940aa17049aa429b03cd39a241f6e90c0b1190b7 not-for-merge branch 'MOODLE_36_STABLE' of git://git.moodle.org/moodle
3517c9c9ad10ee2ca233ef4ed8c2a429798b9dd0 not-for-merge branch 'MOODLE_37_STABLE' of git://git.moodle.org/moodle
49648fdf30aae05b61604a12549436cee8c96436 not-for-merge branch 'MOODLE_38_STABLE' of git://git.moodle.org/moodle
e23d81ca404f4ef27e1e10d87b3ea7b9f8dce4a7 not-for-merge branch 'MOODLE_39_STABLE' of git://git.moodle.org/moodle
cb6dc699b8ed9d29dcd9cd400fb96647a471e87a not-for-merge branch 'MOODLE_401_STABLE' of git://git.moodle.org/moodle
0780e87f06eb834786f562316ad9699480bcd24e not-for-merge branch 'master' of git://git.moodle.org/moodle
URL: https://vmbhatotia124.in.tum.de/.git/FETCH_HEAD
Match: cda2e481342ba0644f665ff8e91342abb009192a
URL: https://vmbhatotia124.in.tum.de/.git/ORIG_HEAD

impact: Based on the information provided in these files an attacker might
be able to gather additional info about the structure of the system and its applications.

solution: Mitigation: Restrict access to the SCM files for authorized systems only.

############################################################

host: moodle.ase.cs.tum.edu, ip: 131.159.89.183, tcp port: 443

  • 5.0 - Missing HttpOnly Cookie Attribute (HTTP)
  • 2023-05-15T13:16:25Z - 01aa0a05-1fea-48f8-a191-eb340bcb35c5 - 1.3.6.1.4.1.25623.1.0.105925
    summary: The remote HTTP web server / application is missing to set the
    'HttpOnly' cookie attribute for one or more sent HTTP cookie.
    problem: The cookies:

Set-Cookie: MoodleSession=replaced; path=/; secure

are missing the "HttpOnly" attribute.

impact:

solution: Mitigation: Set the 'HttpOnly' attribute for any session cookie.

############################################################

host: moodle.ase.cs.tum.edu, ip: 131.159.89.183, tcp port: 443

  • 5.0 - Source Control Management (SCM) Files Accessible (HTTP)
  • 2023-05-15T13:16:25Z - 0b115856-96af-4990-8554-07d3b50c6c22 - 1.3.6.1.4.1.25623.1.0.111084
    summary: The script attempts to identify files of a SCM accessible
    at the webserver.
    problem: The following SCM files/folders were identified:

Match: 0000000000000000000000000000000000000000 1f6ab2b67640ce4f5038c100fbd626f9b4954f7a root 1656435832 +0200 clone: from git://git.moodle.org/moodle.git
1f6ab2b67640ce4f5038c100fbd626f9b4954f7a cda2e481342ba0644f665ff8e91342abb009192a root 166818076...


Files

original_mail_description.txt (43.5 KB), uploaded by ITG Mailmaster, 06.03.2026 02:10

Subtasks: 7 (0 open, 7 closed)

Task #11716: Fix security issues in inventory.ase.cit.tum.de | Closed | Magnus Kühne | 06.03.2026
Task #11717: Fix security issues in moodle.ase.cit.tum.de | Won't Fix | Colin Wilk | 06.03.2026
Task #11718: Fix security issues in itg-inventory-dev.ase.cit.tum.de | Closed | Magnus Kühne | 06.03.2026
Task #11719: Fix security issues in duckietown-broker.ase.cit.tum.de | Closed | Magnus Kühne | 06.03.2026
Task #11720: Fix security issues in traefik.survey.ase.cit.tum.de | Closed | Vincent Picking | 06.03.2026
Task #11721: Fix security issues in dse.cs.tum.de | Won't Fix | Ignacio Alejandro | 06.03.2026
Task #11722: Fix security issues in bill.dse.in.tum.de | Won't Fix | Ignacio Alejandro | 06.03.2026

#1 Updated by Anonymous about 2 months ago

  • Subtask #11716 added

#2 Updated by Anonymous about 2 months ago

  • Subtask #11717 added

#3 Updated by Anonymous about 2 months ago

  • Subtask #11718 added

#4 Updated by Anonymous about 2 months ago

  • Subtask #11719 added

#5 Updated by Anonymous about 2 months ago

  • Subtask #11720 added

#6 Updated by Anonymous about 2 months ago

  • Subtask #11721 added

#7 Updated by Anonymous about 2 months ago

  • Subtask #11722 added