Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-61D1C05A79EB59F467104A24A8F66EDE

HistoryMar 11, 2022 - 12:00 a.m.

Improper Authorization in Gitea

2022-03-1100:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

github

authorization

gitea

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS

0.001

Percentile

30.4%

JSON

Improper Authorization in GitHub repository go-gitea/gitea prior to 1.16.4.

Affected configurations

Vulners

Node

gogiteaRange≤1.16.3

VendorProductVersionCPE
gogitea*cpe:2.3:a:go:gitea:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
go	gitea	*	cpe:2.3:a:go:gitea::::::::

References

github.com/advisories/GHSA-jr9c-h74f-2v28

github.com/go-gitea/gitea/commit/1314f38b59748397b3429fb9bc9f9d6bac85d2f2

huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb

nvd.nist.gov/vuln/detail/CVE-2022-0905

CVSS2

5.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSS3

7.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

EPSS

0.001

Percentile

30.4%

JSON

Related for GITLAB-61D1C05A79EB59F467104A24A8F66EDE