FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
8bec3994-104d-11ed-a7ac-0800273f11ea  gitea -- multiple issues

The Gitea team reports:

Use git.HOME_PATH for Git HOME directory

Add write check for creating Commit status

Remove deprecated SSH ciphers from default


Discovery 2022-07-12
Entry 2022-08-05
gitea
< 1.17.0

https://github.com/go-gitea/gitea/releases/tag/v1.17.0

83466f76-aefe-11ec-b4b6-d05099c0c059  gitea -- Open Redirect on login

Andrew Thornton reports:

When a location containing backslashes is presented, the existing protections against open redirect are bypassed, because browsers will convert adjacent forward and backslashes within the location to double forward slashes.


Discovery 2022-03-23
Entry 2022-03-29
gitea
< 1.16.5

CVE-2022-1058
https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d/

df794e5d-3975-11ec-84e8-0800273f11ea  gitea -- multiple vulnerabilities

The Gitea Team reports for release 1.15.5:

  • Upgrade Bluemonday to v1.0.16 (#17372) (#17374)
  • Ensure correct SSH permissions check for private and restricted users (#17370) (#17373)

Discovery 2021-10-21
Entry 2021-11-04
gitea
< 1.15.5

https://github.com/go-gitea/gitea/releases/tag/v1.15.5
ports/259548

b8a0fea2-9be9-11ed-8acf-0800277bb8a8  gitea -- information disclosure

The Gitea team reports:

Prevent multiple To recipients: Change the mailer interface to prevent leaking of possible hidden email addresses when sending to multiple recipients.


Discovery 2022-01-22
Entry 2023-01-24
gitea
< 1.18.3

https://blog.gitea.io/2023/01/gitea-1.18.3-is-released/

d0da046a-81e6-11ed-96ca-0800277bb8a8  gitea -- multiple issues

The Gitea team reports:

Do not allow Ghost access to limited visible user/org

Fix package access for admins and inactive users


Discovery 2022-10-24
Entry 2022-12-22
gitea
< 1.17.4

https://github.com/go-gitea/gitea/releases/tag/v1.17.4

86c330fe-bbae-4ca7-85f7-5321e627a4eb  gitea -- multiple issues

The Gitea team reports:

Remove ReverseProxy authentication from the API

Support Go Vulnerability Management

Forbid HTML string tooltips


Discovery 2022-08-23
Entry 2023-01-02
gitea
< 1.18.0

https://blog.gitea.io/2022/12/gitea-1.18.0-is-released/
https://github.com/go-gitea/gitea/releases/tag/v1.18.0

d713d709-4cc9-11ed-a621-0800277bb8a8  gitea -- multiple issues

The Gitea team reports:

Sanitize and Escape refs in git backend

Bump golang.org/x/text

Update bluemonday


Discovery 2022-09-27
Entry 2022-10-15
gitea
< 1.17.3

https://github.com/go-gitea/gitea/releases/tag/v1.17.3

0ff80f41-aefe-11ec-b4b6-d05099c0c059  gitea -- Improper/incorrect authorization

Youssef Rebahi-Gilbert reports:

When Gitea is built and configured for PAM authentication, it skips checking authorization completely. Therefore expired accounts and accounts with expired passwords can still log in.


Discovery 2022-03-06
Entry 2022-03-29
gitea
< 1.16.4

CVE-2022-0905
https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb

df29c391-1046-11ed-a7ac-0800273f11ea  gitea -- multiple issues

The Gitea team reports:

Add write check for creating Commit status

Check for permission when fetching user controlled issues


Discovery 2022-07-12
Entry 2022-08-05
gitea
< 1.16.9

https://github.com/go-gitea/gitea/releases/tag/v1.16.9

f75722ce-31b0-11ed-8b56-0800277bb8a8  gitea -- multiple issues

The Gitea team reports:

Double check CloneURL is acceptable

Add more checks in migration code


Discovery 2022-08-19
Entry 2022-09-11
gitea
< 1.17.2

https://blog.gitea.io/2022/09/gitea-1.17.2-is-released/

95ee401d-cc6a-11ec-9cfc-10c37b4ac2ea  gitea -- Escape git fetch remote

The Gitea team reports:

Escape git fetch remote in services/migrations/gitea_uploader.go


Discovery 2022-04-25
Entry 2022-05-05
gitea
< 1.16.7

https://github.com/go-gitea/gitea/pull/19487