Описание
Capture-replay in Gitea
Gitea is a project to help users set up a self-hosted Git service. Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. This could allow a remote malicious user to execute arbitrary code.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2021-45327
- https://github.com/go-gitea/gitea/pull/10462
- https://github.com/go-gitea/gitea/pull/10465
- https://github.com/go-gitea/gitea/pull/10582
- https://github.com/go-gitea/gitea/commit/4cb18601ff33dda5edb47d5b452cc8f2dc39dd67
- https://github.com/go-gitea/gitea/commit/6f5656ab0ebec03fe63898208dabc802c4be46ab
- https://github.com/go-gitea/gitea/commit/ed664a9e1dae4d4660e60c981173bbc5102e69ea
- https://blog.gitea.io/2020/03/gitea-1.11.2-is-released
Пакеты
github.com/go-gitea/gitea
< 1.11.2
1.11.2
Связанные уязвимости
Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. which could let a remote malisious user execute arbitrary code.
Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. which could let a remote malisious user execute arbitrary code.
Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on ...
Уязвимость интерфейса системы управления Git-репозиториями Gitea, связанная с обходом процедуры аутентификации с помощью захвата-воспроизведения (capture-replay) перехваченных параметров, позволяющая нарушителю обойти ограничения безопасности, получить несанкционированный доступ на чтение, изменения или удаления данных, или выполнить произвольный код