109 matches found
Fedora: Security Advisory (FEDORA-2026-a4a01fb680)
The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 43 Update: forgejo-13.0.4-1.fc43
Forgejo pronounced /for=CB=88d=CD=A1=CA=92e.jo/ is a lightweight software f orge. Use it to host git repositories, track their issues and allow people to contribute to them!...
Fedora 43 : forgejo (2026-a4a01fb680)
The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2026-a4a01fb680 advisory. This is an upstream bug and security fix release. Please view the upstream release notes for more details. Tenable has extracted the preceding description...
CVE-2023-49948
Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss or another extension to a URL...
SUSE CVE-2025-68937
Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...
FreeBSD : Forgejo -- Symbolic Link (Symlink) Following (963f4e9d-e4d5-11f0-984f-b42e991fc52e)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 963f4e9d-e4d5-11f0-984f-b42e991fc52e advisory. https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md reports:...
CVE-2025-68937
A flaw was found in Forgejo. This vulnerability allows a remote attacker to write to unintended files and potentially gain server shell access. The flaw occurs due to mishandling of symlink destinations that point outside of the repository when processing template repositories. This could lead to...
CVE-2025-68937
Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...
UNIX Symbolic Link (Symlink) Following
Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the mishandling of symlink destinations while evaluating template repos. An attacker can write to unintended files and potentially gain shell access on the server by creating out-of-repository...
UNIX Symbolic Link (Symlink) Following
Overview Affected versions of this package are vulnerable to UNIX Symbolic Link Symlink Following via the mishandling of symlink destinations while evaluating template repos. An attacker can write to unintended files and potentially gain shell access on the server by creating out-of-repository...
CVE-2025-68937
Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...
CVE-2025-68937
Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later...
CVE-2025-68937
Forgejo versions before 13.0.2 are affected by a vulnerability in handling of out-of-repository symlink destinations for template repositories, allowing writing to unintended files and potentially gaining server shell access. The issue is fixed in 13.0.2 and also in the 11 LTS line starting with ...
Forgejo 安全漏洞
Forgejo is a lightweight git service. A security vulnerability exists in Forgejo versions prior to 13.0.2 that stems from mishandling of the template repository symbolic link target, which could result in writing unexpected files and gaining server shell access...
Forgejo -- Symbolic Link (Symlink) Following
https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md reports: Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template...
PT-2025-53511
Уязвимость платформы для совместной разработки Forgejo связана с недостатками механизма обработки символьных ссылок. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, получить несанкционированный доступ к платформе путем отправки специально сформированного файла...
PT-2025-53429
Name of the Vulnerable Software and Affected Versions Forgejo versions prior to 13.0.2 Forgejo version 11.0.7 and later Description The software contains a flaw related to the handling of symlinks within template repositories. This mishandling could allow attackers to write to unintended files,...
[SECURITY] Fedora 43 Update: forgejo-13.0.3-1.fc43
Forgejo pronounced /for=CB=88d=CD=A1=CA=92e.jo/ is a lightweight software f orge. Use it to host git repositories, track their issues and allow people to contribute to them!...
Fedora: Security Advisory (FEDORA-2025-35fe65f08c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[SECURITY] Fedora 43 Update: forgejo-13.0.2-1.fc43
Forgejo pronounced /for=CB=88d=CD=A1=CA=92e.jo/ is a lightweight software f orge. Use it to host git repositories, track their issues and allow people to contribute to them!...