Все бюллетени/c9f2/ALT-PU-2022-3074-2
ALT-PU-2022-3074-2

Обновление пакета gitea в ветке c9f2

Версия1.16.9-alt1
Задание#303505
Опубликовано2026-02-04
Макс. серьёзностьCRITICAL
Серьёзность:

Закрытые проблемы (12)

CVE-2021-45330
CRITICAL9.8

An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse.

Опубликовано: 2022-02-09Изменено: 2026-06-17
CVSS 2.0ВЫСОКАЯ 7.5
CVSS:2.0/AV:N/AC:L/Au:N/C:P/I:P/A:P
CVSS 3.xКРИТИЧЕСКАЯ 9.8
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVE-2022-0905
HIGH7.1

Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4.

Опубликовано: 2022-03-10Изменено: 2026-06-17
CVSS 2.0СРЕДНЯЯ 5.5
CVSS:2.0/AV:N/AC:L/Au:S/C:P/I:P/A:N
CVSS 3.xВЫСОКАЯ 7.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
CVE-2022-1058
MEDIUM6.1

Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.

Опубликовано: 2022-03-24Изменено: 2026-06-17
CVSS 2.0СРЕДНЯЯ 5.8
CVSS:2.0/AV:N/AC:M/Au:N/C:P/I:P/A:N
CVSS 3.xСРЕДНЯЯ 6.1
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
CVE-2022-1928
MEDIUM5.4

Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9.

Опубликовано: 2022-05-29Изменено: 2026-06-17
CVSS 2.0НИЗКАЯ 3.5
CVSS:2.0/AV:N/AC:M/Au:S/C:N/I:P/A:N
CVSS 3.xСРЕДНЯЯ 5.4
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
CVE-2022-38183
MEDIUM6.5

In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles.

Опубликовано: 2022-08-12Изменено: 2026-06-17
CVSS 3.xСРЕДНЯЯ 6.5
CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N