Skip to content

x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-fhv8-m4j4-cww2 #2769

Closed
Closed
x/vulndb: potential Go vuln in code.gitea.io/gitea: GHSA-fhv8-m4j4-cww2#2769
Assignees
maceonthompson
Labels
triaged
@GoVulnBot

Description

@GoVulnBot
GoVulnBot
opened on Apr 24, 2024

In GitHub Security Advisory GHSA-fhv8-m4j4-cww2, there is a vulnerability in the following Go packages or modules:

Unit Fixed Vulnerable Ranges
code.gitea.io/gitea 1.16.9 < 1.16.9

Cross references:

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: code.gitea.io/gitea
      versions:
        - fixed: 1.16.9
      vulnerable_at: 1.16.8
      packages:
        - package: code.gitea.io/gitea
summary: Gitea allowed assignment of private issues in code.gitea.io/gitea
cves:
    - CVE-2022-38183
ghsas:
    - GHSA-fhv8-m4j4-cww2
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2022-38183
    - fix: https://github.com/go-gitea/gitea/pull/20133
    - fix: https://github.com/go-gitea/gitea/pull/20196
    - web: https://blog.gitea.io/2022/07/gitea-1.16.9-is-released
    - web: https://herolab.usd.de/security-advisories/usd-2022-0015
    - advisory: https://github.com/advisories/GHSA-fhv8-m4j4-cww2
source:
    id: GHSA-fhv8-m4j4-cww2

Metadata

Metadata

Assignees

Labels

triaged

Type

No type

Fields

No fields configured for issues without a type.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions