Lines 1-3
Link Here
|
|
|
1 |
<vuln vid="b3f77aae-241c-11ee-9684-c11c23f7b0f9"> |
2 |
<topic>gitea -- multiple issues</topic> |
3 |
<affects> |
4 |
<package> |
5 |
<name>gitea</name> |
6 |
<range><lt>1.20.0</lt></range> |
7 |
</package> |
8 |
</affects> |
9 |
<description> |
10 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
11 |
<p>The Gitea team reports:</p> |
12 |
<blockquote cite="https://github.com/go-gitea/gitea/pull/22759"> |
13 |
<p>Test if container blob is accessible before mounting.</p> |
14 |
</blockquote> |
15 |
<blockquote cite="https://github.com/go-gitea/gitea/pull/22175"> |
16 |
<p>Set type="password" on all auth_token fields</p> |
17 |
<p>Seen when migrating from other hosting platforms.</p> |
18 |
<p>Prevents exposing the token to screen capture/cameras/eyeballs.</p> |
19 |
<p>Prevents the browser from saving the value in its autocomplete |
20 |
dictionary, which often is not secure.</p> |
21 |
</blockquote> |
22 |
</body> |
23 |
</description> |
24 |
<references> |
25 |
<url>https://blog.gitea.com/release-of-1.20.0</url> |
26 |
<url>https://github.com/go-gitea/gitea/releases/tag/v1.20.0</url> |
27 |
</references> |
28 |
<dates> |
29 |
<discovery>2023-06-08</discovery> |
30 |
<entry>2023-07-05</entry> |
31 |
</dates> |
32 |
</vuln> |
33 |
|
1 |
<vuln vid="41c60e16-2405-11ee-a0d1-84a93843eb75"> |
34 |
<vuln vid="41c60e16-2405-11ee-a0d1-84a93843eb75"> |
2 |
<topic>OpenSSL -- AES-SIV implementation ignores empty associated data entries</topic> |
35 |
<topic>OpenSSL -- AES-SIV implementation ignores empty associated data entries</topic> |
3 |
<affects> |
36 |
<affects> |