Lucene search

K

GLSA-202210-14 : Gitea: Multiple Vulnerabilities

Gitea: Multiple Vulnerabilities affecting versions prior to 1.17.3. Cross-site Scripting, Denial of Service, improper access controls, and git backend vulnerability. Nessus has not tested the issues.

Show more
Related
Refs
Code
ReporterTitlePublishedViews
Family
Gentoo Linux
Gitea: Multiple Vulnerabilities
31 Oct 202200:00
gentoo
Veracode
Cross-Site Scripting (XSS)
17 Oct 202212:26
veracode
Veracode
Denial Of Service (DoS)
17 Oct 202201:29
veracode
Veracode
Cross-site Scripting (XSS)
31 May 202201:40
veracode
Cvelist
CVE-2022-42968
16 Oct 202200:00
cvelist
Cvelist
CVE-2022-38183
12 Aug 202200:00
cvelist
Cvelist
CVE-2022-32149 Denial of service via crafted Accept-Language header in golang.org/x/text/language
14 Oct 202200:00
cvelist
Cvelist
CVE-2022-1928 Cross-site Scripting (XSS) - Stored in go-gitea/gitea
29 May 202200:00
cvelist
OSV
Gitea vulnerable to Argument Injection in code.gitea.io/gitea
21 Aug 202416:03
osv
OSV
BIT-gitea-2022-42968
6 Mar 202410:52
osv
Rows per page
#%NASL_MIN_LEVEL 80900
#
# (C) Tenable, Inc.
#
# @NOAGENT@
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 202210-14.
#
# The advisory text is Copyright (C) 2001-2021 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include('compat.inc');

if (description)
{
  script_id(166729);
  script_version("1.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2023/10/06");

  script_cve_id(
    "CVE-2022-1928",
    "CVE-2022-32149",
    "CVE-2022-38183",
    "CVE-2022-42968"
  );
  script_xref(name:"IAVB", value:"2022-B-0046-S");

  script_name(english:"GLSA-202210-14 : Gitea: Multiple Vulnerabilities");

  script_set_attribute(attribute:"synopsis", value:
"");
  script_set_attribute(attribute:"description", value:
"The remote host is affected by the vulnerability described in GLSA-202210-14 (Gitea: Multiple Vulnerabilities)

  - Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9. (CVE-2022-1928)

  - An attacker may cause a denial of service by crafting an Accept-Language header which ParseAcceptLanguage
    will take significant time to parse. (CVE-2022-32149)

  - In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper
    access controls, an attacker could assign any issue to any project in Gitea (there was no permission check
    for fetching the issue). As a result, the attacker would get access to private issue titles.
    (CVE-2022-38183)

  - Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are
    mishandled. (CVE-2022-42968)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://security.gentoo.org/glsa/202210-14");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=848465");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=857819");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=868996");
  script_set_attribute(attribute:"see_also", value:"https://bugs.gentoo.org/show_bug.cgi?id=877355");
  script_set_attribute(attribute:"solution", value:
"All Gitea users should upgrade to the latest version:

          # emerge --sync
          # emerge --ask --oneshot --verbose >=www-apps/gitea-1.17.3");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:S/C:N/I:P/A:N");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-1928");
  script_set_attribute(attribute:"cvss3_score_source", value:"CVE-2022-42968");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2022/05/29");
  script_set_attribute(attribute:"patch_publication_date", value:"2022/10/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2022/10/31");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:gitea");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
  script_set_attribute(attribute:"stig_severity", value:"I");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Gentoo Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2022-2023 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}
include('qpkg.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item('Host/Gentoo/release')) audit(AUDIT_OS_NOT, 'Gentoo');
if (!get_kb_item('Host/Gentoo/qpkg-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var flag = 0;

var packages = [
  {
    'name' : 'www-apps/gitea',
    'unaffected' : make_list("ge 1.17.3", "lt 1.0.0"),
    'vulnerable' : make_list("lt 1.17.3")
  }
];

foreach package( packages ) {
  if (isnull(package['unaffected'])) package['unaffected'] = make_list();
  if (isnull(package['vulnerable'])) package['vulnerable'] = make_list();
  if (qpkg_check(package: package['name'] , unaffected: package['unaffected'], vulnerable: package['vulnerable'])) flag++;
}

# This plugin has a different number of unaffected and vulnerable versions for
# one or more packages. To ensure proper detection, a separate line should be 
# used for each fixed/vulnerable version pair.

if (flag)
{
  security_report_v4(
    port       : 0,
    severity   : SECURITY_NOTE,
    extra      : qpkg_report_get()
  );
  exit(0);
}
else
{
  qpkg_tests = list_uniq(qpkg_tests);
  var tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Gitea');
}

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
31 Oct 2022 00:00Current
7.2High risk
Vulners AI Score7.2
CVSS23.5
CVSS39.8
EPSS0.002
50
.json
Report