Access Restriction Bypass Affecting github.com/go-gitea/gitea/models package, versions <1.16.9
Snyk CVSS
Attack Complexity
Low
Threat Intelligence
Exploit Maturity
Proof of concept
EPSS
0.16% (53rd
percentile)
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-GOLANG-GITHUBCOMGOGITEAGITEAMODELS-2980290
- published 14 Aug 2022
- disclosed 14 Aug 2022
- credit Christian Pöschl
Introduced: 14 Aug 2022
CVE-2022-38183 Open this link in a new tabHow to fix?
Upgrade github.com/go-gitea/gitea/models
to version 1.16.9 or higher.
Overview
github.com/go-gitea/gitea/models is a self-hosted git service.
Affected versions of this package are vulnerable to Access Restriction Bypass. An attacker could assign any issue to any project in Gitea as there was no permission check for fetching the issue. As a result, the attacker would get access to private issue titles.