[FREEBSD:F0BA7008-2BBD-11EF-B4CA-814A3D504243] forgejo -- multiple issues
Severity
Medium
Affected Packages
1
CVEs
1
The forgejo team reports:
CVE-2024-24789:
The archive/zip package's handling of certain types of invalid
zip files differs from the behavior of most zip implementations.
This misalignment could be exploited to create an zip file with
contents that vary depending on the implementation reading the
file.
The OAuth2 implementation does not always require authentication
for public clients, a requirement of RFC 6749 Section 10.2. A
malicious client can impersonate another client and obtain access
to protected resources if the impersonated client fails to, or is
unable to, keep its client credentials confidential.
Package | Affected Version |
---|---|
pkg:freebsd/forgejo | < 7.0.4 |
- ID
- FREEBSD:F0BA7008-2BBD-11EF-B4CA-814A3D504243
- Severity
- medium
- Severity from
- CVE-2024-24789
- URL
- http://vuxml.freebsd.org/freebsd/f0ba7008-2bbd-11ef-b4ca-814a3d504243.html
- Published
-
2024-04-04T00:00:00
(5 months ago) - Modified
-
2024-04-11T00:00:00
(5 months ago) - Rights
- FreeBSD VuXML Security Team
- Other Advisories
-
- ALAS2-2024-2576
- ALPINE:CVE-2024-24789
- ALSA-2024:4212
- ALSA-2024:4237
- ALSA-2024:5258
- ALSA-2024:5291
- ELSA-2024-4212
- ELSA-2024-4237
- ELSA-2024-5258
- ELSA-2024-5291
- FEDORA-2024-15039ba9f9
- FEDORA-2024-35147eb6ad
- FEDORA-2024-c83208238d
- FREEBSD:A5C64F6F-2AF3-11EF-A77E-901B0E9408DC
- GO-2024-2888
- RHSA-2024:4212
- RHSA-2024:4237
- RHSA-2024:5258
- RHSA-2024:5291
- RLSA-2024:4212
- SUSE-SU-2024:1935-1
- SUSE-SU-2024:1936-1
- SUSE-SU-2024:1969-1
- SUSE-SU-2024:1970-1
- SUSE-SU-2024:3089-1
- USN-6886-1
Source | # ID | Name | URL |
---|---|---|---|
FreeBSD VuXML | https://nvd.nist.gov/vuln/detail/CVE-2024-24789 |
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:freebsd/forgejo | forgejo | < 7.0.4 |
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
---|---|---|---|---|---|---|---|---|---|---|---|
# CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |