Описание
Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later.
Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2025-68937
- https://blog.gitea.com/release-of-1.24.7
- https://codeberg.org/forgejo/forgejo/milestone/27340
- https://codeberg.org/forgejo/forgejo/milestone/29156
- https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/11.0.7.md
- https://codeberg.org/forgejo/forgejo/src/branch/forgejo/release-notes-published/13.0.2.md
- https://codeberg.org/forgejo/security-announcements/issues/43
Связанные уязвимости
Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later.
Forgejo before 13.0.2 allows attackers to write to unintended files, a ...
Уязвимость платформы для совместной разработки Forgejo, связанная с недостатками механизма обработки символьных ссылок, позволяющая нарушителю получить несанкционированный доступ к платформе