Description
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gitea Gitea Open Source Git Server allows Stored XSS. This issue affects Gitea Open Source Git Server: 1.22.0.
A flaw was found in Gitea. This issue may allow cross-site scripting (XSS) due to improper input sanitization, which can allow an attacker to inject a malicious script into web pages viewed by other users. To exploit this flaw, an attacker must be able to create a repository with malicious settings or modify the settings of an existing repository.
Statement
This vulnerability is specific to the Gitea server application, which is not shipped or used by any Red Hat products. While some components may use the Gitea Go SDK, the SDK is a client library and is not impacted by this server-side vulnerability.
Mitigation
Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Pipelines | openshift-pipelines-client | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | odh-ml-pipelines-api-server-container | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | odh-ml-pipelines-artifact-manager-container | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | odh-ml-pipelines-cache-container | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | odh-ml-pipelines-persistenceagent-container | Not affected | ||
| Red Hat OpenShift AI (RHOAI) | odh-ml-pipelines-scheduledworkflow-container | Not affected | ||
| Red Hat OpenShift Data Science (RHODS) | rhods/odh-ml-pipelines-api-server-rhel8 | Not affected | ||
| Red Hat OpenShift Data Science (RHODS) | rhods/odh-ml-pipelines-artifact-manager-rhel8 | Not affected | ||
| Red Hat OpenShift Data Science (RHODS) | rhods/odh-ml-pipelines-cache-rhel8 | Not affected | ||
| Red Hat OpenShift Data Science (RHODS) | rhods/odh-ml-pipelines-persistenceagent-rhel8 | Not affected | ||
Additional information
CVSS3: 8.8 High
Related vulnerabilities
A vulnerability in the Gitea Git repository management system, caused by a failure to protect the structure of the web page, that allows an attacker to carry out a cross-site scripting attack