CVE-2022-38183

Опубликовано: 12 авг. 2022

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles.

Ссылки

https://blog.gitea.io/2022/07/gitea-1.16.9-is-released/
Release Notes
Vendor Advisory
https://herolab.usd.de/security-advisories/usd-2022-0015/
Broken Link
https://security.gentoo.org/glsa/202210-14
Third Party Advisory
https://blog.gitea.io/2022/07/gitea-1.16.9-is-released/
Release Notes
Vendor Advisory
https://herolab.usd.de/security-advisories/usd-2022-0015/
Broken Link
https://security.gentoo.org/glsa/202210-14
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:*

Версия до 1.16.9 (исключая)

EPSS

Процентиль: 49%

0.00256

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-862

Связанные уязвимости

CVE-2022-38183

CVSS3: 6.5

ubuntu

больше 3 лет назад

CVE-2022-38183

CVSS3: 6.5

debian

больше 3 лет назад

In Gitea before 1.16.9, it was possible for users to add existing issu ...

GHSA-fhv8-m4j4-cww2

CVSS3: 6.5

github

больше 3 лет назад

Gitea allowed assignment of private issues

EPSS

Процентиль: 49%

0.00256

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-862