Summary: | <www-apps/gitea-1.16.9: stored xss bug (CVE-2022-1928) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | filip ambroz <filip.ambroz> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | contact, proxy-maint |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://huntr.dev/bounties/6336ec42-5c4d-4f61-ae38-2bb539f433d2/ | ||
Whiteboard: | B4 [glsa+] | ||
Package list: | Runtime testing required: | --- |
Description
filip ambroz
2022-05-30 07:07:34 UTC
XSS -> 4 Fix is in 1.16.9. XSS requires user interaction, very low impact, so no GLSA. We've got a bunch of Gitea bugs so we'll GLSA them all together. GLSA request filed. The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/data/glsa.git/commit/?id=3f72d6f5794d0d3c914ffacdf4c915fd8aac8d89 commit 3f72d6f5794d0d3c914ffacdf4c915fd8aac8d89 Author: GLSAMaker <glsamaker@gentoo.org> AuthorDate: 2022-10-31 01:10:13 +0000 Commit: John Helmert III <ajak@gentoo.org> CommitDate: 2022-10-31 01:40:14 +0000 [ GLSA 202210-14 ] Gitea: Multiple Vulnerabilities Bug: https://bugs.gentoo.org/848465 Bug: https://bugs.gentoo.org/857819 Bug: https://bugs.gentoo.org/868996 Bug: https://bugs.gentoo.org/877355 Signed-off-by: GLSAMaker <glsamaker@gentoo.org> Signed-off-by: John Helmert III <ajak@gentoo.org> glsa-202210-14.xml | 48 ++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 48 insertions(+) GLSA released, all done! |