x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-3h6c-c475-jm7v #2745

GoVulnBot · 2024-04-22T20:01:28Z

In GitHub Security Advisory GHSA-3h6c-c475-jm7v, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
code.gitea.io/gitea	1.12.6	>= 1.1.0, < 1.12.6

Cross references:

Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-jr9c-h74f-2v28 #609 EFFECTIVELY_PRIVATE
Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-ph3w-2843-72mx #612 EFFECTIVELY_PRIVATE
Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-g95p-88p4-76cm #832 NOT_IMPORTABLE
Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-hf6f-jq25-8gq9 #844 NOT_IMPORTABLE
Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: CVE-2021-45330, GHSA-pg38-r834-g45j #982 EFFECTIVELY_PRIVATE
Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-cf6v-9j57-v6r6 #1894 EFFECTIVELY_PRIVATE
Module code.gitea.io/gitea appears in issue x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-5rh7-6gfj-mc87 #1922 EFFECTIVELY_PRIVATE
CVE-2020-14144 appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2020-14144 #2276 LEGACY_FALSE_POSITIVE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: code.gitea.io/gitea
      versions:
        - introduced: 1.1.0
          fixed: 1.12.6
      vulnerable_at: 1.12.5
      packages:
        - package: code.gitea.io/gitea
summary: Arbitrary Code Execution in Gitea in code.gitea.io/gitea
cves:
    - CVE-2020-14144
ghsas:
    - GHSA-3h6c-c475-jm7v
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2020-14144
    - fix: https://github.com/go-gitea/gitea/pull/13058
    - fix: https://github.com/go-gitea/gitea/commit/8fe8ab5cbf2977f3a01ea12361df2cd76dce3ea9
    - web: https://docs.github.com/en/enterprise-server@2.19/admin/policies/creating-a-pre-receive-hook-script
    - web: https://docs.github.com/en/enterprise-server@2.19/admin/policies/creating-a-pre-receive-hook-script
    - web: https://docs.gitlab.com/ee/administration/server_hooks.html
    - web: https://github.com/PandatiX/CVE-2021-28378
    - web: https://github.com/PandatiX/CVE-2021-28378#notes
    - web: https://github.com/go-gitea/gitea/releases
    - web: https://podalirius.net/articles/exploiting-cve-2020-14144-gitea-authenticated-remote-code-execution
    - web: https://www.exploit-db.com/exploits/49571
    - web: https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-1125-und-gogs-0122-ermoeglicht-ausfuehrung-von-code-nach-authent
    - web: http://packetstormsecurity.com/files/162122/Gitea-Git-Hooks-Remote-Code-Execution.html
    - advisory: https://github.com/advisories/GHSA-3h6c-c475-jm7v
source:
    id: GHSA-3h6c-c475-jm7v

The text was updated successfully, but these errors were encountered:

tatianab · 2024-04-25T15:27:53Z

Duplicate of #2276

tatianab added the duplicate label Apr 25, 2024

tatianab marked this as a duplicate of #2276 Apr 25, 2024

tatianab closed this as completed Apr 25, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-3h6c-c475-jm7v #2745

x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-3h6c-c475-jm7v #2745

GoVulnBot commented Apr 22, 2024

tatianab commented Apr 25, 2024

x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-3h6c-c475-jm7v #2745

x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-3h6c-c475-jm7v #2745

Comments

GoVulnBot commented Apr 22, 2024

tatianab commented Apr 25, 2024