FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VuXML data was last processed by FreshPorts on 2025-02-02 08:34:31 UTC.


These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
6dcf6fc6-bca0-11ef-8926-9b4f2d14eb53 | forgejo -- multiple vulnerabilities

Problem Description:

  • When Forgejo is configured to run the internal ssh server with [server].START_SSH_SERVER=true, it was possible for a registered user to impersonate another user. The rootless container image uses the internal ssh server by default and was vulnerable. A Forgejo instance running from a binary or from a root container image does not use the internal ssh server by default and was not vulnerable. The incorrect use of the crypto package is the root cause of the vulnerability and was fixed for the internal ssh server.
  • Revert "allow synchronizing user status from OAuth2 login providers"

Discovery: 2024-12-12
Entry: 2024-12-17
Affected package: forgejo < 9.0.3

https://codeberg.org/forgejo/forgejo/pulls/6248
https://codeberg.org/forgejo/forgejo/pulls/6249