FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gitea -- Improper/incorrect authorization

Affected packages
gitea < 1.16.4

Details

VuXML ID 0ff80f41-aefe-11ec-b4b6-d05099c0c059
Discovery 2022-03-06
Entry 2022-03-29

Youssef Rebahi-Gilbert reports:

When Gitea is built and configured for PAM authentication, it skips checking authorization completely. Therefore expired accounts and accounts with expired passwords can still log in.

References

CVE Name CVE-2022-0905
URL https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb