FreeBSD : gitea -- multiple vulnerabilities (be088777-6085-11ea-8609-08002731610e)

high Nessus Plugin ID 134337

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The Gitea Team reports for release 1.11.0:

- Never allow an empty password to validate (#9682) (#9683)

- Prevent redirect to Host (#9678) (#9679)

- Swagger hide search field (#9554)

- Add 'search' to reserved usernames (#9063)

- Switch to fomantic-ui (#9374)

- Only serve attachments when linked to issue/release and if accessible by user (#9340)

The Gitea Team reports for release 1.11.2:

- Ensure only own addresses are updated (#10397) (#10399)

- Logout POST action (#10582) (#10585)

- Org action fixes and form cleanup (#10512) (#10514)

- Change action GETs to POST (#10462) (#10464)

- Fix admin notices (#10480) (#10483)

- Change admin dashboard to POST (#10465) (#10466)

- Update markbates/goth (#10444) (#10445)

- Update crypto vendors (#10385) (#10398)

Solution

Update the affected package.

See Also

https://blog.gitea.io/2020/02/gitea-1.11.0-is-released/

https://blog.gitea.io/2020/03/gitea-1.11.2-is-released/

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=244025

http://www.nessus.org/u?0c300a5f

Plugin Details

Severity: High

ID: 134337

File Name: freebsd_pkg_be088777608511ea860908002731610e.nasl

Version: 1.1

Type: local

Published: 3/9/2020

Updated: 3/9/2020

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:gitea, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 3/7/2020

Vulnerability Publication Date: 11/18/2019