author | Stefan Bethke <stb@lassitu.de> | 2023-08-28 15:13:51 +0000 |
---|---|---|
committer | Li-Wen Hsu <lwhsu@FreeBSD.org> | 2023-08-28 15:17:02 +0000 |
commit | c9de928254bda56201e2b60055d135c35067eba7 (patch) | |
tree | a2d960250b172019b7b7402aad3f6411fd0b49fb | |
parent | 6eed0ced5ace1dab9d13e0cabb12fa9a9ba52b1d (diff) | |
security/vuxml: Document gitea -- information disclosure
PR: 273379
-rw-r--r-- | security/vuxml/vuln/2023.xml | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml
index 0173656d4737..26331c341905 100644
--- a/security/vuxml/vuln/2023.xml
+++ b/security/vuxml/vuln/2023.xml
@@ -1,3 +1,33 @@
+ <vuln vid="36a37c92-44b1-11ee-b091-6162c1274384">
+ <topic>gitea -- information disclosure</topic>
+ <affects>
+ <package>
+ <name>gitea</name>
+ <range><lt>1.20.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Gitea team reports:</p>
+ <blockquote cite="https://github.com/go-gitea/gitea/pull/25097">
+ <p>Fix API leaking Usermail if not logged in</p>
+ <p>The API should only return the real Mail of a User, if the
+ caller is logged in. The check do to this don't work. This PR
+ fixes this. This not really a security issue, but can lead to
+ Spam.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <url>https://blog.gitea.com/release-of-1.20.3</url>
+ <url>https://github.com/go-gitea/gitea/releases/tag/v1.20.3</url>
+ </references>
+ <dates>
+ <discovery>2023-06-06</discovery>
+ <entry>2023-08-27</entry>
+ </dates>
+ </vuln>
+
 <vuln vid="5fa332b9-4269-11ee-8290-a8a1599412c6">
 <topic>chromium -- multiple vulnerabilities</topic>
 <affects> |
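Review bot: The `<references>` block of the new gitea entry omits the pull request that the `<blockquote cite="…">` quotes, so a consumer that reads only `<references>` gets the release announcement and the tag but not the fix itself; adding `<url>https://github.com/go-gitea/gitea/pull/25097</url>` there would close that gap. The entry also carries no `<cvename>`, which looks consistent with the quoted upstream text not naming one, but it means tooling that matches on CVE identifiers will not pick up this record, so it is worth revisiting if an identifier is assigned later. The `<range>` has only an upper bound (`<lt>1.20.3</lt>`); the quoted text does not say when the faulty login check was introduced, so every earlier version is flagged, which is the conservative choice. The new `<vuln>` element is complete within the hunk; the chromium entry after it is context and continues outside the hunk.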