Gitea: Multiple Vulnerabilities affecting versions prior to 1.17.3. Cross-site Scripting, Denial of Service, improper access controls, and git backend vulnerability. Nessus has not tested the issues.
Reporter | Title | Published | Views | Family All 173 |
---|---|---|---|---|
Gentoo Linux | Gitea: Multiple Vulnerabilities | 31 Oct 202200:00 | – | gentoo |
Veracode | Cross-Site Scripting (XSS) | 17 Oct 202212:26 | – | veracode |
Veracode | Denial Of Service (DoS) | 17 Oct 202201:29 | – | veracode |
Veracode | Cross-site Scripting (XSS) | 31 May 202201:40 | – | veracode |
Cvelist | CVE-2022-42968 | 16 Oct 202200:00 | – | cvelist |
Cvelist | CVE-2022-38183 | 12 Aug 202200:00 | – | cvelist |
Cvelist | CVE-2022-32149 Denial of service via crafted Accept-Language header in golang.org/x/text/language | 14 Oct 202200:00 | – | cvelist |
Cvelist | CVE-2022-1928 Cross-site Scripting (XSS) - Stored in go-gitea/gitea | 29 May 202200:00 | – | cvelist |
OSV | Gitea vulnerable to Argument Injection in code.gitea.io/gitea | 21 Aug 202416:03 | – | osv |
OSV | BIT-gitea-2022-42968 | 6 Mar 202410:52 | – | osv |
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# @NOAGENT@
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 202210-14.
#
# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#
include('compat.inc');
if (description)
{
script_id(166729);
script_version("1.5");
script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/06");
script_cve_id(
"CVE-2022-1928",
"CVE-2022-32149",
"CVE-2022-38183",
"CVE-2022-42968"
);
script_xref(name:"IAVB", value:"2022-B-0046-S");
script_name(english:"GLSA-202210-14 : Gitea: Multiple Vulnerabilities");
script_set_attribute(attribute:"synopsis", value:
"");
script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-202210-14 (Gitea: Multiple Vulnerabilities)
- Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9. (CVE-2022-1928)
- An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage
will take significant time to parse. (CVE-2022-32149)
- In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper
access controls, an attacker could assign any issue to any project in Gitea (there was no permission check
for fetching the issue). As a result, the attacker would get access to private issue titles.
(CVE-2022-38183)
- Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are
mishandled. (CVE-2022-42968)
Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/202210-14");
script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=848465");
script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=857819");
script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=868996");
script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=877355");
script_set_attribute(attribute:"solution", value:
"All Gitea users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose >=www-apps/gitea-1.17.3");
script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N");
script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-1928");
script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-42968");
script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
script_set_attribute(attribute:"exploit_available", value:"true");
script_set_attribute(attribute:"vuln_publication_date", value:"2022/05/29");
script_set_attribute(attribute:"patch_publication_date", value:"2022/10/31");
script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/31");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gitea");
script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
script_set_attribute(attribute:"stig_severity", value:"I");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_family(english:"Gentoo Local Security Checks");
script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
exit(0);
}
include('qpkg.inc');
if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');
if (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);
var flag = 0;
var packages = [
{
'name' : 'www-apps/gitea',
'unaffected' : make_list("ge 1.17.3", "lt 1.0.0"),
'vulnerable' : make_list("lt 1.17.3")
}
];
foreach package( packages ) {
if (isnull(package['unaffected'])) package['unaffected'] = make_list();
if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();
if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;
}
# This plugin has a different number of unaffected and vulnerable versions for
# one or more packages. To ensure proper detection, a separate line should be
# used for each fixed/vulnerable version pair.
if (flag)
{
security_report_v4(
port : 0,
severity : SECURITY_NOTE,
extra : qpkg_report_get()
);
exit(0);
}
else
{
qpkg_tests = list_uniq(qpkg_tests);
var tested = qpkg_tests_get();
if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Gitea');
}
Transform Your Security Services
Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.
Book a live demo