GHSA-jr9c-h74f-2v28
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jr9c-h74f-2v28
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/03/GHSA-jr9c-h74f-2v28/GHSA-jr9c-h74f-2v28.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-jr9c-h74f-2v28
- Aliases
- Published
- 2022-03-11T00:02:35Z
- Modified
- 2024-08-21T15:41:46.025501Z
- Severity
-
- 7.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N CVSS Calculator
- Summary
- Gitea Missing Authorization vulnerability
- Details
-
Gitea 1.16.3 and prior is vulnerable to missing authorization. A patch is available as part of the 1.16.4 release.
- Database specific
{ "nvd_published_at": "2022-03-10T15:15:00Z", "github_reviewed_at": "2022-03-11T20:32:37Z", "cwe_ids": [ "CWE-862" ], "severity": "HIGH", "github_reviewed": true }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2022-0905
- https://github.com/go-gitea/gitea/commit/1314f38b59748397b3429fb9bc9f9d6bac85d2f2
- https://github.com/go-gitea/gitea/commit/3e5c844a7758fa29126d201f4f98bf21bca6d314
- https://github.com/go-gitea/gitea
- https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb
Affected packages
Go / code.gitea.io/gitea
Package
- Name
- code.gitea.io/gitea
- View open source insights on deps.dev
- Purl
- pkg:golang/code.gitea.io/gitea