x/vulndb: potential Go vuln in github.com/go-gitea/gitea: GHSA-r7h7-chh4-5rvm #2781

GoVulnBot · 2024-04-25T00:01:40Z

In GitHub Security Advisory GHSA-r7h7-chh4-5rvm, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/go-gitea/gitea	1.12.6	>= 0.9.99, < 1.12.6

Cross references:

Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2021-45325 #308 EFFECTIVELY_PRIVATE
Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2021-45326 #309 EFFECTIVELY_PRIVATE
Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2021-45327 #310 EFFECTIVELY_PRIVATE
Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2021-45329 #314 EFFECTIVELY_PRIVATE
Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2021-45331 #315 EFFECTIVELY_PRIVATE
Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2021-29134 #353 EFFECTIVELY_PRIVATE
Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2022-27313 #442 EFFECTIVELY_PRIVATE
Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2022-30781 #450 EFFECTIVELY_PRIVATE
Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: GHSA-36h2-95gj-w488 #579 EFFECTIVELY_PRIVATE
Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea/models: GHSA-f5fj-7265-jxhj #823 NOT_IMPORTABLE
Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: GHSA-g2qx-6ghw-67hm #830 NOT_IMPORTABLE
Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea/models: GHSA-hpmr-prr2-cqc4 #846 NOT_IMPORTABLE
Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea/models: GHSA-q47x-6mqq-4w92 #862 NOT_IMPORTABLE
Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2022-42968 #1065 EFFECTIVELY_PRIVATE
Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2022-38795 #1999 EFFECTIVELY_PRIVATE
Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2019-1000002 #2221 LEGACY_FALSE_POSITIVE
Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2019-1010314 #2222 LEGACY_FALSE_POSITIVE
Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2019-11576 #2234 LEGACY_FALSE_POSITIVE
Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2020-14144 #2276 LEGACY_FALSE_POSITIVE
CVE-2020-28991 appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2020-28991 #2298 LEGACY_FALSE_POSITIVE
Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2020-28991 #2298 LEGACY_FALSE_POSITIVE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/go-gitea/gitea
      versions:
        - introduced: 0.9.99
          fixed: 1.12.6
      packages:
        - package: github.com/go-gitea/gitea
summary: Improper Access Control in Gitea in github.com/go-gitea/gitea
cves:
    - CVE-2020-28991
ghsas:
    - GHSA-r7h7-chh4-5rvm
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2020-28991
    - fix: https://github.com/go-gitea/gitea/pull/13525
    - web: https://github.com/go-gitea/gitea/releases/tag/v1.12.6
    - advisory: https://github.com/advisories/GHSA-r7h7-chh4-5rvm
source:
    id: GHSA-r7h7-chh4-5rvm

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-04-30T15:58:01Z

Change https://go.dev/cl/582535 mentions this issue: data/reports: batch add unreviewed reports

tatianab · 2024-04-30T17:40:54Z

Duplicate of #2298

tatianab marked this as a duplicate of #2298 Apr 30, 2024

tatianab closed this as completed Apr 30, 2024

tatianab added the duplicate label Apr 30, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/go-gitea/gitea: GHSA-r7h7-chh4-5rvm #2781

x/vulndb: potential Go vuln in github.com/go-gitea/gitea: GHSA-r7h7-chh4-5rvm #2781

GoVulnBot commented Apr 25, 2024

gopherbot commented Apr 30, 2024

tatianab commented Apr 30, 2024

x/vulndb: potential Go vuln in github.com/go-gitea/gitea: GHSA-r7h7-chh4-5rvm #2781

x/vulndb: potential Go vuln in github.com/go-gitea/gitea: GHSA-r7h7-chh4-5rvm #2781

Comments

GoVulnBot commented Apr 25, 2024

gopherbot commented Apr 30, 2024

tatianab commented Apr 30, 2024