FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gitea -- Improper/incorrect authorization

Affected packages
gitea < 1.16.4


VuXML ID 0ff80f41-aefe-11ec-b4b6-d05099c0c059
Discovery 2022-03-06
Entry 2022-03-29

Youssef Rebahi-Gilbert reports:

When Gitea is built and configured for PAM authentication it skips checking authorization completely. Therefore expired accounts and accounts with expired passwords can still login.


CVE Name CVE-2022-0905