Date: Fri, 16 Feb 2024 08:49:13 GMT
From: Fernando Apesteguía <fernape@FreeBSD.org>
To: ports-committers@FreeBSD.org, dev-commits-ports-all@FreeBSD.org, dev-commits-ports-main@FreeBSD.org
Subject: git: 41926dd0b36d - main - security/vuxml: document www/gitea vulnerability
Message-ID: <202402160849.41G8nDfk098598@gitrepo.freebsd.org>
The branch main has been updated by fernape:

URL: https://cgit.FreeBSD.org/ports/commit/?id=41926dd0b36d937621ba2596f6957e1ca70b14a6

commit 41926dd0b36d937621ba2596f6957e1ca70b14a6
Author: Fernando Apesteguía <fernape@FreeBSD.org>
AuthorDate: 2024-02-16 08:35:46 +0000
Commit: Fernando Apesteguía <fernape@FreeBSD.org>
CommitDate: 2024-02-16 08:48:14 +0000

security/vuxml: document www/gitea vulnerability

Prevent anonymous container access if RequireSignInView is enabled

PR: 277066

--- security/vuxml/vuln/2024.xml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 0e2e0c9048f0..f0f597bbd7e4 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1694,3 +1694,29 @@ <entry>2024-01-02</entry> </dates> </vuln> + + <vuln vid="bd7592a1-cbfd-11ee-a42a-5404a6f3ca32"> + <topic>gitea -- Prevent anonymous container access</topic> + <affects> + <package> + <name>gitea</name> + <range><lt>1.21.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p> + Even with RequireSignInView enabled, anonymous users can use docker pull + to fetch public images. + </p> + </body> + </description> + <references> + <url>https://blog.gitea.com/release-of-1.21.5/</url> + </references> + <dates> + <discovery>2024-01-24</discovery> + <entry>2024-02-15</entry> + </dates> + </vuln>
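Review bot: The <topic> of the new entry, "gitea -- Prevent anonymous container access", names the fix rather than the flaw, so someone reading audit output cannot tell what is exposed. Wording it after the <description> (anonymous users can still use docker pull to fetch public images with RequireSignInView enabled) would be clearer, for example "gitea -- anonymous container access despite RequireSignInView". The <entry> date is 2024-02-15 while the commit is dated 2024-02-16, so please confirm which is intended. The <range> has only <lt>1.21.5</lt> with no lower bound, and <references> carries just the release blog URL; if the upstream fix or advisory is identified separately, adding it would let readers check which versions are really affected.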