FreeBSD : gitea -- multiple vulnerabilities (b99492b2-362b-11eb-9f86-08002734b9ed)

high Nessus Plugin ID 143510

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

The Gitea Team reports for release 1.13.0:

- Add Allow-/Block-List for Migrate and Mirrors

- Prevent git operations for inactive users

- Disallow urlencoded new lines in git protocol paths if there is a port

- Mitigate Security vulnerability in the git hook feature

- Disable DSA ssh keys by default

- Set TLS minimum version to 1.2

- Use argon as default password hash algorithm

- Escape failed highlighted files

Solution

Update the affected package.

See Also

https://github.com/go-gitea/gitea/releases/tag/v1.13.0

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=251577

http://www.nessus.org/u?3f64a225

Plugin Details

Severity: High

ID: 143510

File Name: freebsd_pkg_b99492b2362b11eb9f8608002734b9ed.nasl

Version: 1.1

Type: local

Published: 12/7/2020

Updated: 12/7/2020

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:gitea, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 12/4/2020

Vulnerability Publication Date: 12/1/2020