diff options
| author | Stefan Bethke <stb@lassitu.de> | 2022-08-05 16:33:32 +0000 |
|---|---|---|
| committer | Nuno Teixeira <eduardo@FreeBSD.org> | 2022-08-05 16:36:48 +0000 |
| commit | c15a234456248f4af18d904d4c9a54f01f4d321e (patch) | |
| tree | 4dcdb2490a235f1e701263a46240a62d36d30f7b | |
| parent | a835676e2eacf4ce89effff1de3a61133c520794 (diff) | |
| download | ports-c15a234456248f4af18d904d4c9a54f01f4d321e.tar.gz ports-c15a234456248f4af18d904d4c9a54f01f4d321e.zip | |
security/vuxml: Document Gitea multiple vulnerabilities
- Add write check for creating Commit status
https://github.com/go-gitea/gitea/pull/20334
- Check for permission when fetching user controlled issues
https://github.com/go-gitea/gitea/pull/20196
PR: 265526
| -rw-r--r-- | security/vuxml/vuln-2022.xml | 28 |
1 files changed, 28 insertions, 0 deletions
diff --git a/security/vuxml/vuln-2022.xml b/security/vuxml/vuln-2022.xml index d409f5d39390..ba963e7d410f 100644 --- a/security/vuxml/vuln-2022.xml +++ b/security/vuxml/vuln-2022.xml @@ -1,3 +1,31 @@ + <vuln vid="df29c391-1046-11ed-a7ac-0800273f11ea"> + <topic>gitea -- multiple issues</topic> + <affects> + <package> + <name>gitea</name> + <range><lt>1.16.9</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>The Gitea team reports:</p> + <blockquote cite="https://github.com/go-gitea/gitea/pull/20334"> + <p>Add write check for creating Commit status</p> + </blockquote> + <blockquote cite="https://github.com/go-gitea/gitea/pull/20196"> + <p>Check for permission when fetching user controlled issues</p> + </blockquote> + </body> + </description> + <references> + <url>https://github.com/go-gitea/gitea/releases/tag/v1.16.9</url> + </references> + <dates> + <discovery>2022-07-12</discovery> + <entry>2022-08-05</entry> + </dates> + </vuln> + <vuln vid="3b47104f-1461-11ed-a0c5-080027240888"> <topic>Django -- multiple vulnerabilities</topic> <affects> |