git: 41926dd0b36d - main - security/vuxml: document www/gitea vulnerability
Date: Fri, 16 Feb 2024 08:49:13 UTC
The branch main has been updated by fernape: URL: https://cgit.FreeBSD.org/ports/commit/?id=41926dd0b36d937621ba2596f6957e1ca70b14a6 commit 41926dd0b36d937621ba2596f6957e1ca70b14a6 Author: Fernando Apesteguía <fernape@FreeBSD.org> AuthorDate: 2024-02-16 08:35:46 +0000 Commit: Fernando Apesteguía <fernape@FreeBSD.org> CommitDate: 2024-02-16 08:48:14 +0000 security/vuxml: document www/gitea vulnerability Prevent anonymous container access if RequireSignInView is enabled PR: 277066 --- security/vuxml/vuln/2024.xml | 26 ++++++++++++++++++++++++++ 1 file changed, 26 insertions(+) diff --git a/security/vuxml/vuln/2024.xml b/security/vuxml/vuln/2024.xml index 0e2e0c9048f0..f0f597bbd7e4 100644 --- a/security/vuxml/vuln/2024.xml +++ b/security/vuxml/vuln/2024.xml @@ -1694,3 +1694,29 @@ <entry>2024-01-02</entry> </dates> </vuln> + + <vuln vid="bd7592a1-cbfd-11ee-a42a-5404a6f3ca32"> + <topic>gitea -- Prevent anonymous container access</topic> + <affects> + <package> + <name>gitea</name> + <range><lt>1.21.5</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <h1>Problem Description:</h1> + <p> + Even with RequireSignInView enabled, anonymous users can use docker pull + to fetch public images. + </p> + </body> + </description> + <references> + <url>https://blog.gitea.com/release-of-1.21.5/</url> + </references> + <dates> + <discovery>2024-01-24</discovery> + <entry>2024-02-15</entry> + </dates> + </vuln>
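Review bot: The `<topic>` of the new entry in security/vuxml/vuln/2024.xml names the fix rather than the flaw. "gitea -- Prevent anonymous container access" reads like the upstream changelog line, whereas the entry's own description states the actual problem: anonymous users can still fetch public images with docker pull when RequireSignInView is enabled. A topic along the lines of "gitea -- anonymous container access despite RequireSignInView" would tell someone scanning audit output what the exposure is. Two smaller points in the same entry: `<range><lt>1.21.5</lt></range>` has no lower bound, so every earlier gitea version is flagged, and it is worth confirming that is intended. `<references>` carries only the release blog URL, so if upstream has assigned an advisory identifier or there is a specific fix to link to, adding it would make the entry easier to cross-check.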