CVE-2018-1000803

Опубликовано: 08 окт. 2018

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. This attack appear to be exploitable via Watch a repository to receive email notifications. Emails received contain the other recipients even if they have the email set as private. This vulnerability appears to have been fixed in 1.5.1.

Ссылки

https://github.com/go-gitea/gitea/pull/4664
Patch
Third Party Advisory
https://github.com/go-gitea/gitea/pull/4664/files#diff-146e0c2b5bb1ea96c9fb73d509456e57
Patch
Third Party Advisory
https://github.com/go-gitea/gitea/pull/4664
Patch
Third Party Advisory
https://github.com/go-gitea/gitea/pull/4664/files#diff-146e0c2b5bb1ea96c9fb73d509456e57
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:*

Версия до 1.5.1 (исключая)

EPSS

Процентиль: 46%

0.00232

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

Связанные уязвимости

CVE-2018-1000803

CVSS3: 5.3

debian

больше 7 лет назад

Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability ...

GHSA-f5fj-7265-jxhj

CVSS3: 5.3

github

почти 4 года назад

Gitea Exposes Private Email Addresses

EPSS

Процентиль: 46%

0.00232

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200