Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. which could let a remote malisious user execute arbitrary code.
Weakness
Product A handles inputs or steps differently than Product B, which causes A to perform incorrect actions based on its perception of B’s state.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Gitea | Gitea | * | 1.11.2 (excluding) |
| Golang-code.gitea-git | Ubuntu | bionic | * |
| Golang-code.gitea-git | Ubuntu | focal | * |
| Golang-code.gitea-git | Ubuntu | impish | * |
| Golang-code.gitea-git | Ubuntu | kinetic | * |
| Golang-code.gitea-git | Ubuntu | trusty | * |
| Golang-code.gitea-git | Ubuntu | xenial | * |
| Golang-code.gitea-sdk | Ubuntu | bionic | * |
| Golang-code.gitea-sdk | Ubuntu | focal | * |
| Golang-code.gitea-sdk | Ubuntu | impish | * |
| Golang-code.gitea-sdk | Ubuntu | kinetic | * |
| Golang-code.gitea-sdk | Ubuntu | trusty | * |
| Golang-code.gitea-sdk | Ubuntu | xenial | * |
Related Attack Patterns
- https://cwe.mitre.org/data/definitions/105.html
- https://cwe.mitre.org/data/definitions/273.html
- https://cwe.mitre.org/data/definitions/34.html
References
- https://blog.gitea.io/2020/03/gitea-1.11.2-is-released/
- https://github.com/go-gitea/gitea/pull/10462
- https://github.com/go-gitea/gitea/pull/10465
- https://github.com/go-gitea/gitea/pull/10582
- https://blog.gitea.io/2020/03/gitea-1.11.2-is-released/
- https://github.com/go-gitea/gitea/pull/10462
- https://github.com/go-gitea/gitea/pull/10465
- https://github.com/go-gitea/gitea/pull/10582