Lucene search
K

109 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 4:28 a.m.8 views

CVE-2023-49947

Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication...

7.5CVSS7AI score0.00614EPSS
Exploits0
OPENSUSE Linux
OPENSUSE Linux
added 2025/04/17 12:0 a.m.3 views

forgejo-10.0.3-2.1 on GA media (moderate)

forgejo-10.0.3-2.1 on GA media Announcement ID: openSUSE-SU-2025:15001-1 Rating: moderate Cross-References: CVE-2025-3445 CVSS scores: CVE-2025-3445 SUSE : 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:H/A:L Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be...

8.1CVSS7.3AI score0.00413EPSS
Exploits0
OSV
OSV
added 2025/04/16 12:0 a.m.4 views

OPENSUSE-SU-2025:15001-1 forgejo-10.0.3-2.1 on GA media

These are all security issues fixed in the forgejo-10.0.3-2.1 package on the GA media of openSUSE Tumbleweed...

8.1CVSS6.9AI score0.00413EPSS
Exploits0References2
OSV
OSV
added 2025/03/24 12:0 a.m.4 views

OPENSUSE-SU-2025:14919-1 forgejo-10.0.3-1.1 on GA media

These are all security issues fixed in the forgejo-10.0.3-1.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS7.8AI score0.00868EPSS
Exploits0References2
OPENSUSE Linux
OPENSUSE Linux
added 2025/03/13 12:0 a.m.4 views

forgejo-runner-6.2.2-3.1 on GA media (moderate)

forgejo-runner-6.2.2-3.1 on GA media Announcement ID: openSUSE-SU-2025:14881-1 Rating: moderate Cross-References: CVE-2025-22869 CVSS scores: CVE-2025-22869 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2025-22869 SUSE : 8.2...

8.2CVSS8.1AI score0.00868EPSS
Exploits0
OSV
OSV
added 2025/03/12 12:0 a.m.11 views

OPENSUSE-SU-2025:14881-1 forgejo-runner-6.2.2-3.1 on GA media

These are all security issues fixed in the forgejo-runner-6.2.2-3.1 package on the GA media of openSUSE Tumbleweed...

7.5CVSS7.8AI score0.00868EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2025/01/24 3:17 p.m.554 views

Exploit for CVE-2024-45337

Proof of Concept exploit for CVE-2024-45337 === This repository...

9.1CVSS7.1AI score0.03153EPSS
Exploits2
Tenable Nessus
Tenable Nessus
added 2024/12/18 12:0 a.m.3 views

FreeBSD : forgejo -- multiple vulnerabilities (6dcf6fc6-bca0-11ef-8926-9b4f2d14eb53)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 6dcf6fc6-bca0-11ef-8926-9b4f2d14eb53 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...

5.6AI score
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/12/18 12:0 a.m.3 views

FreeBSD : forgejo -- multiple vulnerabilities (5ca064a6-bca1-11ef-8926-9b4f2d14eb53)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 5ca064a6-bca1-11ef-8926-9b4f2d14eb53 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...

5.6AI score
Exploits0References9
Tenable Nessus
Tenable Nessus
added 2024/12/18 12:0 a.m.2 views

FreeBSD : forgejo -- unauthorized user impersonation (25a697de-bca1-11ef-8926-9b4f2d14eb53)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 25a697de-bca1-11ef-8926-9b4f2d14eb53 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...

5.6AI score
Exploits0References2
FreeBSD
FreeBSD
added 2024/12/12 12:0 a.m.8 views

forgejo -- unauthorized user impersonation

Problem Description: When Forgejo is configured to run the internal ssh server with server.STARTSSHSERVER=true, it was possible for a registered user to impersonate another user. The rootless container image uses the internal ssh server by default and was vulnerable. A Forgejo instance running fr...

7.3AI score
Exploits0References1
FreeBSD
FreeBSD
added 2024/12/12 12:0 a.m.9 views

forgejo -- multiple vulnerabilities

Problem Description: When Forgejo is configured to run the internal ssh server with server.STARTSSHSERVER=true, it was possible for a registered user to impersonate another user. The rootless container image uses the internal ssh server by default and was vulnerable. A Forgejo instance running fr...

7.3AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/10/30 12:0 a.m.2 views

FreeBSD : forgejo -- multiple vulnerabilities (f07c8f87-8e65-11ef-81b8-659bf0027d16)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f07c8f87-8e65-11ef-81b8-659bf0027d16 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's...

5.6AI score
Exploits0References4
FreeBSD
FreeBSD
added 2024/10/28 12:0 a.m.7 views

forgejo -- multiple vulnerabilities

Problem Description: Forgejo generates a token which is used to authenticate web endpoints that are only meant to be used internally, for instance when the SSH daemon is used to push a commit with Git. The verification of this token was not done in constant time and was susceptible to timing...

7.2AI score
Exploits0References3
OSV
OSV
added 2024/09/10 12:0 a.m.13 views

OPENSUSE-SU-2024:14330-1 forgejo-8.0.3-1.1 on GA media

These are all security issues fixed in the forgejo-8.0.3-1.1 package on the GA media of openSUSE Tumbleweed...

6.4CVSS6.6AI score0.00897EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2024/09/07 12:0 a.m.37 views

FreeBSD : forgejo -- multiple vulnerabilities (a5e13973-6c75-11ef-858b-23eeba13701a)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a5e13973-6c75-11ef-858b-23eeba13701a advisory. - Webpack is a module bundler. Its main purpose is to bundle JavaScript files for usage in a browser, y...

6.4CVSS6.6AI score0.00897EPSS
Exploits1References3
FreeBSD
FreeBSD
added 2024/09/03 12:0 a.m.20 views

forgejo -- multiple vulnerabilities

Problem Description: Replace v-html with v-text in search inputbox Upgrade webpack to v5.94.0 as a precaution to mitigate CVE-2024-43788, although we were not yet able to confirm that this can be exploited in Forgejo...

6.4CVSS6.8AI score0.00897EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2024/08/31 12:0 a.m.15 views

FreeBSD : forgejo -- The scope of application tokens was not verified when writing containers or Conan packages. (eb437e17-66a1-11ef-ac08-75165d18d8d2)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the eb437e17-66a1-11ef-ac08-75165d18d8d2 advisory. The forgejo team reports: The scope of application tokens was not verified when writing containers or...

5.7AI score
Exploits0References2
OSV
OSV
added 2024/08/25 12:0 a.m.17 views

OPENSUSE-SU-2024:14287-1 forgejo-runner-3.5.1-1.1 on GA media

These are all security issues fixed in the forgejo-runner-3.5.1-1.1 package on the GA media of openSUSE Tumbleweed...

7.8CVSS7.6AI score0.00258EPSS
Exploits0References1
OSV
OSV
added 2024/06/17 12:0 a.m.9 views

OPENSUSE-SU-2024:14050-1 forgejo-7.0.4-1.1 on GA media

These are all security issues fixed in the forgejo-7.0.4-1.1 package on the GA media of openSUSE Tumbleweed...

5.5CVSS6.5AI score0.00446EPSS
Exploits0References1
Rows per page
Query Builder