FreshPorts - VuXML
This page displays vulnerability information about FreeBSD Ports.
The VUXML data was last processed by FreshPorts on 2025-02-02 08:34:31 UTC
These are the vulnerabilities relating to the commit you have selected:
VuXML ID | Description |
25a697de-bca1-11ef-8926-9b4f2d14eb53 | forgejo -- unauthorized user impersonation
Problem Description:
- When Forgejo is configured to run the internal ssh server with
[server].START_SSH_SERVER=true, it was possible for a registered user
to impersonate another user. The rootless container image uses the
internal ssh server by default and was vulnerable. A Forgejo
instance running from a binary or from a root container image does
not use the internal ssh server by default and was not vulnerable.
The incorrect use of the crypto package is the root cause of the
vulnerability and was fixed for the internal ssh server.
- Revert "allow synchronizing user status from OAuth2 login
providers"
Discovery: 2024-12-12
Entry: 2024-12-17
Affected: forgejo < 7.0.12
https://codeberg.org/forgejo/forgejo/pulls/6248