6.5

CVE-2022-38183

EPSS 0.26%
Veröffentlicht 12.08.2022 20:15:09
Zuletzt bearbeitet 21.11.2024 07:15:57
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Gitea ≫ Gitea Version < 1.16.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.488

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://security.gentoo.org/glsa/202210-14

Third Party Advisory

https://blog.gitea.io/2022/07/gitea-1.16.9-is-released/

Vendor Advisory

Release Notes

https://herolab.usd.de/security-advisories/usd-2022-0015/

Broken Link

https://nvd.nist.gov/vuln/detail/CVE-2022-38183

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-38183

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-38183

EUVD