Lines 1667-1669
Link Here
|
1667 |
<entry>2024-01-02</entry> |
1667 |
<entry>2024-01-02</entry> |
1668 |
</dates> |
1668 |
</dates> |
1669 |
</vuln> |
1669 |
</vuln> |
|
|
1670 |
|
1671 |
<vuln vid="bd7592a1-cbfd-11ee-a42a-5404a6f3ca32"> |
1672 |
<topic>gitea -- Prevent anonymous container access</topic> |
1673 |
<affects> |
1674 |
<package> |
1675 |
<name>gitea</name> |
1676 |
<range><lt>1.21.5</lt></range> |
1677 |
</package> |
1678 |
</affects> |
1679 |
<description> |
1680 |
<body xmlns="http://www.w3.org/1999/xhtml"> |
1681 |
<h1>Problem Description:</h1> |
1682 |
<p> |
1683 |
Even with RequireSignInView enabled, anonymous users can use docker pull |
1684 |
to fetch public images. |
1685 |
</p> |
1686 |
</body> |
1687 |
</description> |
1688 |
<references> |
1689 |
<url>https://blog.gitea.com/release-of-1.21.5/</url> |
1690 |
</references> |
1691 |
<dates> |
1692 |
<discovery>2024-01-24</discovery> |
1693 |
<entry>2024-02-15</entry> |
1694 |
</dates> |
1695 |
</vuln> |