109 matches found
CVE-2023-49947
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...
forgejo-10.0.3-2.1 on GA media (moderate)
forgejo-10.0.3-2.1 on GA media Announcement ID: openSUSE-SU-2025:15001-1 Rating: moderate Cross-References: CVE-2025-3445 CVSS scores: CVE-2025-3445 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...
OPENSUSE-SU-2025:15001-1 forgejo-10.0.3-2.1 on GA media
These are all security issues fixed in the forgejo-10.0.3-2.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2025:14919-1 forgejo-10.0.3-1.1 on GA media
These are all security issues fixed in the forgejo-10.0.3-1.1 package on the GA media of openSUSE Tumbleweed...
forgejo-runner-6.2.2-3.1 on GA media (moderate)
forgejo-runner-6.2.2-3.1 on GA media Announcement ID: openSUSE-SU-2025:14881-1 Rating: moderate Cross-References: CVE-2025-22869 CVSS scores: CVE-2025-22869 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-22869 SUSE : 8.2...
OPENSUSE-SU-2025:14881-1 forgejo-runner-6.2.2-3.1 on GA media
These are all security issues fixed in the forgejo-runner-6.2.2-3.1 package on the GA media of openSUSE Tumbleweed...
Exploit for CVE-2024-45337
Proof of Concept exploit for CVE-2024-45337 === This repository...
FreeBSD : forgejo -- multiple vulnerabilities (6dcf6fc6-bca0-11ef-8926-9b4f2d14eb53)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6dcf6fc6-bca0-11ef-8926-9b4f2d14eb53 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...
FreeBSD : forgejo -- multiple vulnerabilities (5ca064a6-bca1-11ef-8926-9b4f2d14eb53)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5ca064a6-bca1-11ef-8926-9b4f2d14eb53 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...
FreeBSD : forgejo -- unauthorized user impersonation (25a697de-bca1-11ef-8926-9b4f2d14eb53)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 25a697de-bca1-11ef-8926-9b4f2d14eb53 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...
forgejo -- unauthorized user impersonation
Problem Description: When Forgejo is configured to run the internal ssh server with server.STARTSSHSERVER=true, it was possible for a registered user to impersonate another user. The rootless container image uses the internal ssh server by default and was vulnerable. A Forgejo instance running fr...
forgejo -- multiple vulnerabilities
Problem Description: When Forgejo is configured to run the internal ssh server with server.STARTSSHSERVER=true, it was possible for a registered user to impersonate another user. The rootless container image uses the internal ssh server by default and was vulnerable. A Forgejo instance running fr...
FreeBSD : forgejo -- multiple vulnerabilities (f07c8f87-8e65-11ef-81b8-659bf0027d16)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f07c8f87-8e65-11ef-81b8-659bf0027d16 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...
forgejo -- multiple vulnerabilities
Problem Description: Forgejo generates a token which is used to authenticate web endpoints that are only meant to be used internally, for instance when the SSH daemon is used to push a commit with Git. The verification of this token was not done in constant time and was susceptible to timing...
OPENSUSE-SU-2024:14330-1 forgejo-8.0.3-1.1 on GA media
These are all security issues fixed in the forgejo-8.0.3-1.1 package on the GA media of openSUSE Tumbleweed...
FreeBSD : forgejo -- multiple vulnerabilities (a5e13973-6c75-11ef-858b-23eeba13701a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a5e13973-6c75-11ef-858b-23eeba13701a advisory. - Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, y...
forgejo -- multiple vulnerabilities
Problem Description: Replace v-html with v-text in search inputbox Upgrade webpack to v5.94.0 as a precaution to mitigate CVE-2024-43788, although we were not yet able to confirm that this can be exploited in Forgejo...
FreeBSD : forgejo -- The scope of application tokens was not verified when writing containers or Conan packages. (eb437e17-66a1-11ef-ac08-75165d18d8d2)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the eb437e17-66a1-11ef-ac08-75165d18d8d2 advisory. The forgejo team reports: The scope of application tokens was not verified when writing containers or...
OPENSUSE-SU-2024:14287-1 forgejo-runner-3.5.1-1.1 on GA media
These are all security issues fixed in the forgejo-runner-3.5.1-1.1 package on the GA media of openSUSE Tumbleweed...
OPENSUSE-SU-2024:14050-1 forgejo-7.0.4-1.1 on GA media
These are all security issues fixed in the forgejo-7.0.4-1.1 package on the GA media of openSUSE Tumbleweed...