FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gitea -- multiple issues

Affected packages
gitea < 1.20.0

Details

VuXML ID b3f77aae-241c-11ee-9684-c11c23f7b0f9
Discovery 2023-06-08
Entry 2023-07-05

The Gitea team reports:

Test if container blob is accessible before mounting.

Set type="password" on all auth_token fields.

Seen when migrating from other hosting platforms.

Prevents exposing the token to screen capture/cameras/eyeballs.

Prevents the browser from saving the value in its autocomplete dictionary, which often is not secure.

References

URL https://blog.gitea.com/release-of-1.20.0
URL https://github.com/go-gitea/gitea/releases/tag/v1.20.0