 |
Inicial ▼ Bookkeeping
Online ▼ Auditorias ▼
DNS
Administrado ▼
Acerca de DNS
Ordenar/Renovar
Preguntas Frecuentes
AUP
Dynamic DNS Clients
Configurar Dominios Dynamic DNS Update Password Monitoreo
de Redes ▼
Enterprise
Avanzado
Estándarr
Prueba
Preguntas Frecuentes
Resumen de Precio/Funciones
Ordenar
Muestras
Configure/Status Alert Profiles | ||
| ID de Prueba: | 1.3.6.1.4.1.25623.1.0.170460 |
| Categoría: | Privilege escalation |
| Título: | Gitea < 1.19.3 Multiple golang Vulnerabilities |
| Resumen: | Gitea is prone to multiple vulnerabilities in golang. |
| Descripción: | Summary: Gitea is prone to multiple vulnerabilities in golang. Vulnerability Insight: The following flaws exist in golang: - CVE-2023-24539: Angle brackets are not considered dangerous characters when inserted into CSS contexts. Templates containing multiple actions separated by a '/' character could result in unexpectedly closing the CSS context and allowing for injection of unexpected HTML, if executed with untrusted input. - CVE-2023-24540: Not all valid JavaScript whitespace characters are considered to be whitespace. Templates containing other whitespace characters in JavaScript contexts that also contain actions may not be properly sanitized during execution. - CVE-2023-29400: Templates containing actions in unquoted HTML attributes executed with empty input could result in output that would have unexpected results when parsed due to HTML normalization rules. This may allow injection of arbitrary attributes into tags. Affected Software/OS: Gitea prior to version 1.19.3. Solution: Update to version 1.19.3 or later. CVSS Score: 10.0 CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Referencia Cruzada: |
Common Vulnerability Exposure (CVE) ID: CVE-2023-24539 https://go.dev/cl/491615 https://go.dev/issue/59720 https://groups.google.com/g/golang-announce/c/MEb0UyuSMsU https://pkg.go.dev/vuln/GO-2023-1751 Common Vulnerability Exposure (CVE) ID: CVE-2023-24540 https://go.dev/cl/491616 https://go.dev/issue/59721 https://pkg.go.dev/vuln/GO-2023-1752 Common Vulnerability Exposure (CVE) ID: CVE-2023-29400 https://go.dev/cl/491617 https://go.dev/issue/59722 https://pkg.go.dev/vuln/GO-2023-1753 |
| Copyright | Copyright (C) 2023 Greenbone AG |
| Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa. Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora. |