openSUSE 16 Security Update : gitea-tea (openSUSE-SU-2026:20318-1)

medium Nessus Plugin ID 301310

Synopsis

The remote openSUSE host is missing one or more security updates.

Description

The remote openSUSE 16 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2026:20318-1 advisory.

Changes in gitea-tea:

- update to 0.12.0:
  * New Features
    - Add tea actions commands for managing workflow runs and workflows in #880, #796
    - Add tea api subcommand for arbitrary API calls not covered by existing commands in #879
    - Add repository webhook management commands in #798
    - Add JSON output support for single PR view in #864
    - Add JSON output and file redirection for issue detail view in #841
    - Support creating AGit flow pull requests in #867
  * Bug Fixes
    - Fix authentication via environment variables when specifying repo argument in #809
    - Fix issue detail view ignoring --owner flag in #899
    - Fix PR create crash in #823
    - Fix TTY prompt handling in #897
    - Fix termenv OSC RGBA handling in #907
    - Fix labels delete command and --id flag type in #865
    - Fix delete repo command description in #858
    - Fix pagination flags for secrets list, webhooks list, and pull requests list in #853, #852, #851
    - Enable git worktree support and improve PR create error handling in #850
    - Only prompt for SSH passphrase when necessary in #844
    - Only prompt for login confirmation when no default login is set in #839
    - Skip token uniqueness check when using SSH authentication in #898
    - Require non-empty token in GetLoginByToken in #895
    - Fix config file permissions to remove group read/write in #856
  * Improvements
    - Add file locking for safe concurrent access to config file in #881
    - Improve error messages throughout the CLI in #871
    - Send consistent HTTP request headers in #888
    - Revert requiring HTTP/HTTPS login URLs; restore SSH as a login method in #891
    - Refactor context into dedicated subpackages in #873, #888
    - General code cleanup and improvements in #869, #870
    - Add test coverage for login matching in #820
  * Build & Dependencies
    - Build with Go 1.25 in #886
    - Build for Windows aarch64
    - Update Gitea SDK version in #868
    - Update Nix flake in #872
    - Update dependencies including lipgloss v2, urfave/cli v3.6.2, go-git v5.16.5, and various Go modules in #849, #875, #876, #878, #884, #885, #900, #901, #904, #905
    - Update CI actions (checkout v6, setup-go v6) in #882, #883

Tenable has extracted the preceding description block directly from the SUSE security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Update the affected gitea-tea, gitea-tea-bash-completion and / or gitea-tea-zsh-completion packages.

See Also

https://www.suse.com/security/cve/CVE-2025-47911

https://www.suse.com/security/cve/CVE-2025-58190

Plugin Details

Severity: Medium

ID: 301310

File Name: openSUSE-2026-20318-1.nasl

Version: 1.1

Type: local

Agent: unix

Published: 3/6/2026

Updated: 3/6/2026

Supported Sensors: Continuous Assessment, Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Low

Score: 2.2

CVSS v2

Risk Factor: Medium

Base Score: 5

Temporal Score: 3.9

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSS Score Source: CVE-2025-58190

CVSS v3

Risk Factor: Medium

Base Score: 5.3

Temporal Score: 4.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Temporal Vector: CVSS:3.0/E:P/RL:O/RC:C

Vulnerability Information

CPE: cpe:/o:novell:opensuse:16.0, p-cpe:/a:novell:opensuse:gitea-tea-zsh-completion, p-cpe:/a:novell:opensuse:gitea-tea-bash-completion, p-cpe:/a:novell:opensuse:gitea-tea

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/SuSE/release, Host/SuSE/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/3/2026

Vulnerability Publication Date: 10/23/2025

Reference Information

CVE: CVE-2025-47911, CVE-2025-58190