1. Home
  2. Security Advisories
  3. FreeBSD
  4. FREEBSD:F0BA7008-2BBD-11EF-B4CA-814A3D504243

[FREEBSD:F0BA7008-2BBD-11EF-B4CA-814A3D504243] forgejo -- multiple issues

Severity Medium
Affected Packages 1
CVEs 1
Info Packages References Vulnerabilities

The forgejo team reports:

CVE-2024-24789:
The archive/zip package's handling of certain types of invalid
zip files differs from the behavior of most zip implementations.
This misalignment could be exploited to create an zip file with
contents that vary depending on the implementation reading the
file.
The OAuth2 implementation does not always require authentication
for public clients, a requirement of RFC 6749 Section 10.2. A
malicious client can impersonate another client and obtain access
to protected resources if the impersonated client fails to, or is
unable to, keep its client credentials confidential.
Package Affected Version
pkg:freebsd/forgejo < 7.0.4
ID
FREEBSD:F0BA7008-2BBD-11EF-B4CA-814A3D504243
Severity
medium
Severity from
CVE-2024-24789
URL
http://vuxml.freebsd.org/freebsd/f0ba7008-2bbd-11ef-b4ca-814a3d504243.html
Published
2024-04-04T00:00:00
(5 months ago)
Modified
2024-04-11T00:00:00
(5 months ago)
Rights
FreeBSD VuXML Security Team
Other Advisories
Source # ID Name URL
FreeBSD VuXML https://nvd.nist.gov/vuln/detail/CVE-2024-24789
Type Package URL Namespace Name / Product Version Distribution / Platform Arch Patch / Fix
Affected pkg:freebsd/forgejo forgejo < 7.0.4
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories Exploits PoC Pubblication Date Modification Date
# CVE Description CVSS EPSS EPSS Trend (30 days) Affected Products Weaknesses Security Advisories PoC Pubblication Date Modification Date