First published: Sat Apr 13 2019
repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the `form.MirrorAddress` before calling `SaveAddress`.

### Specific Go Packages Affected

github.com/go-gitea/gitea/models
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Gitea Gitea | <1.7.6 | |
Gitea Gitea | =1.8.0-rc1 | |
Gitea Gitea | =1.8.0-rc2 | |
CVE-2019-11228 is a vulnerability in Gitea before version 1.7.6 and 1.8.x before 1.8-RC3 that allows form.MirrorAddress to be saved without validation.
CVE-2019-11228 has a severity rating of 7.5 (High) according to the CVSS v3 scoring system.
CVE-2019-11228 affects Gitea versions before 1.7.6 and 1.8.x before 1.8-RC3.
Yes, the fix for CVE-2019-11228 is included in Gitea version 1.7.6 and 1.8-RC3.
To mitigate the risk of CVE-2019-11228, it is recommended to update Gitea to version 1.7.6 or 1.8-RC3.