Lines 1-3
Link Here
|
|
|
1 |
<vuln vid="b2765c89-a052-11ee-bed2-596753f1a87c"> |
2 |
<topic>gitea -- Prefix Truncation Attack against ChaCha20-Poly1305 and Encrypt-then-MAC aka Terrapin</topic> |
3 |
<affects> |
4 |
<package> |
5 |
<name>gitea</name> |
6 |
<range><lt>1.21.3</lt></range> |
7 |
</package> |
8 |
</affects> |
9 |
<description> |
10 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
11 |
<p>The Gitea team reports:</p> |
12 |
<blockquote cite="https://github.com/go-gitea/gitea/pull/28519"> |
13 |
<p>Update golang.org/x/crypto</p> |
14 |
</blockquote> |
15 |
</body> |
16 |
</description> |
17 |
<references> |
18 |
<url>https://github.com/go-gitea/gitea/releases/tag/v1.21.3</url> |
19 |
</references> |
20 |
<dates> |
21 |
<discovery>2023-12-19</discovery> |
22 |
<entry>2023-12-21</entry> |
23 |
</dates> |
24 |
</vuln> |
25 |
|
26 |
<vuln vid="482bb980-99a3-11ee-b5f7-6bd56600d90c"> |
27 |
<topic>gitea -- missing permission checks</topic> |
28 |
<affects> |
29 |
<package> |
30 |
<name>gitea</name> |
31 |
<range><lt>1.21.2</lt></range> |
32 |
</package> |
33 |
</affects> |
34 |
<description> |
35 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
36 |
<p>The Gitea team reports:</p> |
37 |
<blockquote cite="https://github.com/go-gitea/gitea/pull/28406"> |
38 |
<p>Fix missing check</p> |
39 |
</blockquote> |
40 |
<blockquote cite="https://github.com/go-gitea/gitea/pull/28423"> |
41 |
<p>Do some missing checks</p> |
42 |
</blockquote> |
43 |
<p>By crafting an API request, attackers can access the contents of |
44 |
issues even though the logged-in user does not have access rights to |
45 |
these issues.</p> |
46 |
</body> |
47 |
</description> |
48 |
<references> |
49 |
<url>https://github.com/go-gitea/gitea/releases/tag/v1.21.2</url> |
50 |
</references> |
51 |
<dates> |
52 |
<discovery>2023-12-12</discovery> |
53 |
<entry>2023-12-13</entry> |
54 |
</dates> |
55 |
</vuln> |
56 |
|
1 |
<vuln vid="0f7598cc-9fe2-11ee-b47f-901b0e9408dc"> |
57 |
<vuln vid="0f7598cc-9fe2-11ee-b47f-901b0e9408dc"> |
2 |
<topic>nebula -- security fix for terrapin vulnerability</topic> |
58 |
<topic>nebula -- security fix for terrapin vulnerability</topic> |
3 |
<affects> |
59 |
<affects> |