hao/websafe-kb
1
0
派生 0
代码 工单 合并请求 1 工作流 软件包 项目 发布 百科 活动

kb: expand authorized lab coverage and intel automation

浏览代码
这个提交包含在:
hao
2026-03-16 22:04:51 -07:00
父节点 cda31e86c7
当前提交 d0120fbf10
修改 592 个文件,包含 29025 行新增267 行删除
下载 Patch 文件 下载 Diff 文件 展开所有文件 折叠所有文件

99
07-framework-security/platforms/gitea/cases/gitea-cve-2018-15192.md 普通文件
查看文件

@@ -0,0 +1,99 @@
---
title: "Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2024-08-20T20:32:20Z"
updated_date: "2026-03-03T04:54:04.686907Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2018-15192"
- "GHSA-fg3x-rwq9-74cw"
- "GO-2023-1971"
affected_versions:
- "introduced=0, fixed<1.16.0-rc1"
- "introduced=0, fixed<0.12.0"
fixed_versions:
- "1.16.0-rc1"
- "0.12.0"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
- "ssrf-url-validation"
primary_source: "https://github.com/advisories/GHSA-fg3x-rwq9-74cw"
---
# Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2018-15192`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-fg3x-rwq9-74cw
- 影响版本: `introduced=0, fixed<1.16.0-rc1, introduced=0, fixed<0.12.0`
- 修复版本: `1.16.0-rc1, 0.12.0`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2018-15192
- https://github.com/go-gitea/gitea/commit/599ff1c054e436daa4dc3f049aa8661d9c2395f9
- https://github.com/go-gitea/gitea/issues/4624
- https://github.com/go-gitea/gitea/pull/17482
- https://github.com/gogs/gogs/commit/22717a1c064511cf37c46af5e650baf7184cf25b
- https://github.com/gogs/gogs/issues/5366
- https://github.com/gogs/gogs/pull/6002
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/ssrf-url-validation.md)
- [nodejs:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/nodejs/ssrf-url-validation.md)
- [java:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/java/ssrf-url-validation.md)
- [php:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/php/ssrf-url-validation.md)
- [python:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/python/ssrf-url-validation.md)
- [ruby:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/ruby/ssrf-url-validation.md)
- [csharp:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/csharp/ssrf-url-validation.md)
- [go:ssrf-url-validation](/Users/x/websafe/05-defense/secure-code/go/ssrf-url-validation.md)

85
07-framework-security/platforms/gitea/cases/gitea-cve-2018-18926.md 普通文件
查看文件

@@ -0,0 +1,85 @@
---
title: "Gitea Remote Code Execution (RCE) in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2024-08-21T15:29:04Z"
updated_date: "2026-03-03T04:52:20.787387Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2018-18926"
- "GHSA-hf6f-jq25-8gq9"
- "GO-2022-0844"
affected_versions:
- "introduced=0, fixed<1.5.2"
fixed_versions:
- "1.5.2"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-hf6f-jq25-8gq9"
---
# Gitea Remote Code Execution (RCE) in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2018-18926`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-hf6f-jq25-8gq9
- 影响版本: `introduced=0, fixed<1.5.2`
- 修复版本: `1.5.2`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2018-18926
- https://github.com/go-gitea/gitea/commit/aeb5655c25053bdcd7eee94ea37df88468374162
- https://github.com/go-gitea/gitea/issues/5140
- https://github.com/go-gitea/gitea/pull/5177
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

92
07-framework-security/platforms/gitea/cases/gitea-cve-2019-1010261.md 普通文件
查看文件

@@ -0,0 +1,92 @@
---
title: "Gitea XSS Vulnerability in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2024-08-20T20:31:38Z"
updated_date: "2026-03-03T04:53:57.848904Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "CVE-2019-1010261"
- "GHSA-5rh7-6gfj-mc87"
- "GO-2023-1922"
affected_versions:
- "introduced=0, fixed<1.7.1"
fixed_versions:
- "1.7.1"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
- "xss-output-encoding"
primary_source: "https://github.com/advisories/GHSA-5rh7-6gfj-mc87"
---
# Gitea XSS Vulnerability in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2019-1010261`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-5rh7-6gfj-mc87
- 影响版本: `introduced=0, fixed<1.7.1`
- 修复版本: `1.7.1`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2019-1010261
- https://github.com/go-gitea/gitea/pull/5905
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)

86
07-framework-security/platforms/gitea/cases/gitea-cve-2020-13246.md 普通文件
查看文件

@@ -0,0 +1,86 @@
---
title: "Denial of Service in Gitea in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2024-08-21T15:29:04Z"
updated_date: "2026-03-03T04:52:17.939867Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2020-13246"
- "CVE-2020-13246"
- "GHSA-g2qx-6ghw-67hm"
- "GO-2022-0830"
affected_versions:
- "introduced=0, fixed<1.12.0"
fixed_versions:
- "1.12.0"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-g2qx-6ghw-67hm"
---
# Denial of Service in Gitea in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2020-13246`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-g2qx-6ghw-67hm
- 影响版本: `introduced=0, fixed<1.12.0`
- 修复版本: `1.12.0`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2020-13246
- https://github.com/go-gitea/gitea/issues/10549
- https://github.com/go-gitea/gitea/pull/11438
- https://www.youtube.com/watch?v=DmVgADSVS88
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

96
07-framework-security/platforms/gitea/cases/gitea-cve-2021-28378.md 普通文件
查看文件

@@ -0,0 +1,96 @@
---
title: "Cross-site Scripting in Gitea in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2024-08-21T15:29:04Z"
updated_date: "2026-03-03T04:52:18.307544Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2021-28378"
- "CVE-2021-28378"
- "GHSA-g95p-88p4-76cm"
- "GO-2022-0832"
affected_versions:
- "introduced=0, fixed<1.13.4"
fixed_versions:
- "1.13.4"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
- "xss-output-encoding"
primary_source: "https://github.com/advisories/GHSA-g95p-88p4-76cm"
---
# Cross-site Scripting in Gitea in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2021-28378`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-g95p-88p4-76cm
- 影响版本: `introduced=0, fixed<1.13.4`
- 修复版本: `1.13.4`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-28378
- https://blog.gitea.io/2021/03/gitea-1.13.4-is-released
- https://github.com/PandatiX/CVE-2021-28378
- https://github.com/go-gitea/gitea/pull/14898
- https://github.com/go-gitea/gitea/pull/14899
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)

95
07-framework-security/platforms/gitea/cases/gitea-cve-2021-29134.md 普通文件
查看文件

@@ -0,0 +1,95 @@
---
title: "Path Traversal in Gitea in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2024-08-21T14:30:29Z"
updated_date: "2026-03-03T04:50:06.638863Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2021-29134"
- "CVE-2021-29134"
- "GHSA-h3q4-vmw4-cpr5"
- "GO-2022-0353"
affected_versions:
- "introduced=0, fixed<1.13.6"
fixed_versions:
- "1.13.6"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
- "path-traversal-guard"
primary_source: "https://github.com/advisories/GHSA-h3q4-vmw4-cpr5"
---
# Path Traversal in Gitea in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2021-29134`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-h3q4-vmw4-cpr5
- 影响版本: `introduced=0, fixed<1.13.6`
- 修复版本: `1.13.6`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-29134
- https://github.com/go-gitea/gitea/pull/15125/files
- https://github.com/go-gitea/gitea/releases
- https://github.com/go-gitea/gitea/releases/tag/v1.13.6
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/javascript-typescript/path-traversal-guard.md)
- [nodejs:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/nodejs/path-traversal-guard.md)
- [java:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/java/path-traversal-guard.md)
- [php:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/php/path-traversal-guard.md)
- [python:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/python/path-traversal-guard.md)
- [ruby:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/ruby/path-traversal-guard.md)
- [csharp:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/csharp/path-traversal-guard.md)
- [go:path-traversal-guard](/Users/x/websafe/05-defense/secure-code/go/path-traversal-guard.md)

84
07-framework-security/platforms/gitea/cases/gitea-cve-2021-3382.md 普通文件
查看文件

@@ -0,0 +1,84 @@
---
title: "Buffer Overflow in gitea in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2024-06-04T15:19:21Z"
updated_date: "2026-03-03T04:55:15.307648Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2021-3382"
- "CVE-2021-3382"
- "GHSA-9f8c-pfvv-p4gm"
- "GO-2024-2757"
affected_versions:
- "introduced=1.9.0, fixed<1.13.2"
fixed_versions:
- "1.13.2"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-9f8c-pfvv-p4gm"
---
# Buffer Overflow in gitea in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2021-3382`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-9f8c-pfvv-p4gm
- 影响版本: `introduced=1.9.0, fixed<1.13.2`
- 修复版本: `1.13.2`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-3382
- https://github.com/go-gitea/gitea/pull/14390
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

90
07-framework-security/platforms/gitea/cases/gitea-cve-2021-45327.md 普通文件
查看文件

@@ -0,0 +1,90 @@
---
title: "Capture-replay in Gitea in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2024-08-21T14:30:26Z"
updated_date: "2026-03-03T04:52:07.840324Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2021-45327"
- "CVE-2021-45327"
- "GHSA-jrpg-35hw-m4p9"
- "GO-2022-0310"
affected_versions:
- "introduced=0, fixed<1.11.2"
fixed_versions:
- "1.11.2"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-jrpg-35hw-m4p9"
---
# Capture-replay in Gitea in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2021-45327`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-jrpg-35hw-m4p9
- 影响版本: `introduced=0, fixed<1.11.2`
- 修复版本: `1.11.2`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-45327
- https://blog.gitea.io/2020/03/gitea-1.11.2-is-released
- https://github.com/go-gitea/gitea/commit/4cb18601ff33dda5edb47d5b452cc8f2dc39dd67
- https://github.com/go-gitea/gitea/commit/6f5656ab0ebec03fe63898208dabc802c4be46ab
- https://github.com/go-gitea/gitea/commit/ed664a9e1dae4d4660e60c981173bbc5102e69ea
- https://github.com/go-gitea/gitea/pull/10462
- https://github.com/go-gitea/gitea/pull/10465
- https://github.com/go-gitea/gitea/pull/10582
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

85
07-framework-security/platforms/gitea/cases/gitea-cve-2021-45330.md 普通文件
查看文件

@@ -0,0 +1,85 @@
---
title: "Improper Privilege Management in Gitea in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2024-08-21T16:03:21Z"
updated_date: "2026-03-03T04:52:33.136607Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2021-45330"
- "CVE-2021-45330"
- "GHSA-pg38-r834-g45j"
- "GO-2022-0982"
affected_versions:
- "introduced=0, fixed<1.6.0"
fixed_versions:
- "1.6.0"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-pg38-r834-g45j"
---
# Improper Privilege Management in Gitea in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2021-45330`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-pg38-r834-g45j
- 影响版本: `introduced=0, fixed<1.6.0`
- 修复版本: `1.6.0`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-45330
- https://github.com/go-gitea/gitea/issues/4336
- https://github.com/go-gitea/gitea/pull/4840
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

85
07-framework-security/platforms/gitea/cases/gitea-cve-2021-45331.md 普通文件
查看文件

@@ -0,0 +1,85 @@
---
title: "Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2024-08-21T14:30:29Z"
updated_date: "2026-03-03T04:52:07.604662Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2021-45331"
- "CVE-2021-45331"
- "GHSA-hfmf-q69j-6m5p"
- "GO-2022-0315"
affected_versions:
- "introduced=0, fixed<1.5.0"
fixed_versions:
- "1.5.0"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-hfmf-q69j-6m5p"
---
# Reuse of one time passwords allowed in Gitea in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2021-45331`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-hfmf-q69j-6m5p
- 影响版本: `introduced=0, fixed<1.5.0`
- 修复版本: `1.5.0`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2021-45331
- https://blog.gitea.io/2018/08/gitea-1.5.0-is-released
- https://github.com/go-gitea/gitea/pull/3878
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

86
07-framework-security/platforms/gitea/cases/gitea-cve-2022-0905.md 普通文件
查看文件

@@ -0,0 +1,86 @@
---
title: "Gitea Missing Authorization vulnerability in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2024-08-21T15:11:40Z"
updated_date: "2026-03-03T04:50:45.472605Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2022-0905"
- "CVE-2022-0905"
- "GHSA-jr9c-h74f-2v28"
- "GO-2022-0609"
affected_versions:
- "introduced=0, fixed<1.16.4"
fixed_versions:
- "1.16.4"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-jr9c-h74f-2v28"
---
# Gitea Missing Authorization vulnerability in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2022-0905`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-jr9c-h74f-2v28
- 影响版本: `introduced=0, fixed<1.16.4`
- 修复版本: `1.16.4`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2022-0905
- https://github.com/go-gitea/gitea/commit/1314f38b59748397b3429fb9bc9f9d6bac85d2f2
- https://github.com/go-gitea/gitea/commit/3e5c844a7758fa29126d201f4f98bf21bca6d314
- https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

87
07-framework-security/platforms/gitea/cases/gitea-cve-2022-1058.md 普通文件
查看文件

@@ -0,0 +1,87 @@
---
title: "Gitea Open Redirect in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2024-06-04T15:19:21Z"
updated_date: "2026-03-03T04:51:49.844240Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2022-1058"
- "CVE-2022-1058"
- "GHSA-4rqq-rxvc-v2rc"
- "GO-2024-2752"
affected_versions:
- "introduced=0, fixed<1.16.5"
fixed_versions:
- "1.16.5"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-4rqq-rxvc-v2rc"
---
# Gitea Open Redirect in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2022-1058`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-4rqq-rxvc-v2rc
- 影响版本: `introduced=0, fixed<1.16.5`
- 修复版本: `1.16.5`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2022-1058
- https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48
- https://github.com/go-gitea/gitea/pull/19175
- https://github.com/go-gitea/gitea/pull/19186
- https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

97
07-framework-security/platforms/gitea/cases/gitea-cve-2022-1928.md 普通文件
查看文件

@@ -0,0 +1,97 @@
---
title: "Stored Cross-site Scripting in gitea in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2024-08-21T15:11:40Z"
updated_date: "2026-03-03T04:50:45.577318Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2022-1928"
- "CVE-2022-1928"
- "GHSA-ph3w-2843-72mx"
- "GO-2022-0612"
affected_versions:
- "introduced=0, fixed<1.16.9"
fixed_versions:
- "1.16.9"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
- "xss-output-encoding"
primary_source: "https://github.com/advisories/GHSA-ph3w-2843-72mx"
---
# Stored Cross-site Scripting in gitea in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2022-1928`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-ph3w-2843-72mx
- 影响版本: `introduced=0, fixed<1.16.9`
- 修复版本: `1.16.9`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2022-1928
- https://github.com/go-gitea/gitea
- https://github.com/go-gitea/gitea/commit/65e0688a5c9dacad50e71024b7529fdf0e3c2e9c
- https://github.com/go-gitea/gitea/pull/19825
- https://huntr.dev/bounties/6336ec42-5c4d-4f61-ae38-2bb539f433d2
- https://security.gentoo.org/glsa/202210-14
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)

85
07-framework-security/platforms/gitea/cases/gitea-cve-2022-27313.md 普通文件
查看文件

@@ -0,0 +1,85 @@
---
title: "Arbitrary file deletion in gitea in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2024-08-21T15:11:31Z"
updated_date: "2026-03-03T04:50:19.647131Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2022-27313"
- "CVE-2022-27313"
- "GHSA-g7p7-x6w7-w6qg"
- "GO-2022-0442"
affected_versions:
- "introduced=0, fixed<1.16.4"
fixed_versions:
- "1.16.4"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-g7p7-x6w7-w6qg"
---
# Arbitrary file deletion in gitea in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2022-27313`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-g7p7-x6w7-w6qg
- 影响版本: `introduced=0, fixed<1.16.4`
- 修复版本: `1.16.4`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2022-27313
- https://github.com/go-gitea/gitea/pull/19072
- https://github.com/go-gitea/gitea/releases/tag/v1.16.4
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

88
07-framework-security/platforms/gitea/cases/gitea-cve-2022-30781.md 普通文件
查看文件

@@ -0,0 +1,88 @@
---
title: "Shell command injection in gitea in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2024-08-21T15:11:31Z"
updated_date: "2026-03-03T04:50:23.949796Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2022-30781"
- "CVE-2022-30781"
- "GHSA-p5f9-c9j9-g8qx"
- "GO-2022-0450"
affected_versions:
- "introduced=0, fixed<1.16.7"
fixed_versions:
- "1.16.7"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-p5f9-c9j9-g8qx"
---
# Shell command injection in gitea in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2022-30781`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-p5f9-c9j9-g8qx
- 影响版本: `introduced=0, fixed<1.16.7`
- 修复版本: `1.16.7`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2022-30781
- http://packetstormsecurity.com/files/168400/Gitea-1.16.6-Remote-Code-Execution.html
- http://packetstormsecurity.com/files/169928/Gitea-Git-Fetch-Remote-Code-Execution.html
- https://blog.gitea.io/2022/05/gitea-1.16.7-is-released
- https://github.com/go-gitea/gitea/pull/19487
- https://github.com/go-gitea/gitea/pull/19490
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

87
07-framework-security/platforms/gitea/cases/gitea-cve-2022-38183.md 普通文件
查看文件

@@ -0,0 +1,87 @@
---
title: "Gitea allowed assignment of private issues in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2024-06-10T16:38:54Z"
updated_date: "2026-03-03T04:55:04.505871Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2022-38183"
- "CVE-2022-38183"
- "GHSA-fhv8-m4j4-cww2"
- "GO-2024-2769"
affected_versions:
- "introduced=0, fixed<1.16.9"
fixed_versions:
- "1.16.9"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-fhv8-m4j4-cww2"
---
# Gitea allowed assignment of private issues in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2022-38183`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-fhv8-m4j4-cww2
- 影响版本: `introduced=0, fixed<1.16.9`
- 修复版本: `1.16.9`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2022-38183
- https://blog.gitea.io/2022/07/gitea-1.16.9-is-released
- https://github.com/go-gitea/gitea/pull/20133
- https://github.com/go-gitea/gitea/pull/20196
- https://herolab.usd.de/security-advisories/usd-2022-0015
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

86
07-framework-security/platforms/gitea/cases/gitea-cve-2022-38795.md 普通文件
查看文件

@@ -0,0 +1,86 @@
---
title: "Gitea erroneous repo clones in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2024-08-21T14:17:52Z"
updated_date: "2026-03-03T04:54:07.076900Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2022-38795"
- "CVE-2022-38795"
- "GHSA-8j3v-68w3-3848"
- "GO-2023-1999"
affected_versions:
- "introduced=0, fixed<1.17.2"
fixed_versions:
- "1.17.2"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-8j3v-68w3-3848"
---
# Gitea erroneous repo clones in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2022-38795`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-8j3v-68w3-3848
- 影响版本: `introduced=0, fixed<1.17.2`
- 修复版本: `1.17.2`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2022-38795
- https://blog.gitea.com/release-of-1.17.2
- https://github.com/go-gitea/gitea/pull/20869
- https://github.com/go-gitea/gitea/pull/20892
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

86
07-framework-security/platforms/gitea/cases/gitea-cve-2022-42968.md 普通文件
查看文件

@@ -0,0 +1,86 @@
---
title: "Gitea vulnerable to Argument Injection in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2024-08-21T16:03:24Z"
updated_date: "2026-03-03T04:52:41.181693Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2022-42968"
- "CVE-2022-42968"
- "GHSA-w8xw-7crf-h23x"
- "GO-2022-1065"
affected_versions:
- "introduced=0, fixed<1.17.3"
fixed_versions:
- "1.17.3"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-w8xw-7crf-h23x"
---
# Gitea vulnerable to Argument Injection in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2022-42968`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-w8xw-7crf-h23x
- 影响版本: `introduced=0, fixed<1.17.3`
- 修复版本: `1.17.3`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2022-42968
- https://github.com/go-gitea/gitea/pull/21463
- https://github.com/go-gitea/gitea/releases/tag/v1.17.3
- https://security.gentoo.org/glsa/202210-14
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

86
07-framework-security/platforms/gitea/cases/gitea-cve-2025-68938.md 普通文件
查看文件

@@ -0,0 +1,86 @@
---
title: "Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2025-12-30T01:49:57Z"
updated_date: "2026-03-03T04:57:49.095775Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2025-68938"
- "CVE-2025-68938"
- "GHSA-cm54-pfmc-xrwx"
- "GO-2025-4258"
affected_versions:
- "introduced=0, fixed<1.25.2"
fixed_versions:
- "1.25.2"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-cm54-pfmc-xrwx"
---
# Gitea mishandles authorization for deletion of releases in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2025-68938`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-cm54-pfmc-xrwx
- 影响版本: `introduced=0, fixed<1.25.2`
- 修复版本: `1.25.2`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-68938
- https://blog.gitea.com/release-of-1.25.2
- https://github.com/go-gitea/gitea/pull/36002/commits/d4262131b39899d9e9ee5caa2635c810d476e43f#diff-8962bac89952027d50fa51f31f59d65bedb4c02bde0265eced5cf256cbed306d
- https://github.com/go-gitea/gitea/releases/tag/v1.25.2
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

94
07-framework-security/platforms/gitea/cases/gitea-cve-2025-68939.md 普通文件
查看文件

@@ -0,0 +1,94 @@
---
title: "Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2025-12-30T01:49:57Z"
updated_date: "2026-03-03T04:57:48.777563Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2025-68939"
- "CVE-2025-68939"
- "GHSA-263q-5cv3-xq9g"
- "GO-2025-4261"
affected_versions:
- "introduced=0"
fixed_versions:
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
- "plugin-extension-trust-policy"
primary_source: "https://github.com/advisories/GHSA-263q-5cv3-xq9g"
---
# Gitea allows attackers to add attachments with forbidden file extensions in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2025-68939`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-263q-5cv3-xq9g
- 影响版本: `introduced=0`
- 修复版本: `unknown`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-68939
- https://blog.gitea.com/release-of-1.23.0
- https://github.com/go-gitea/gitea/pull/32151
- https://github.com/go-gitea/gitea/releases/tag/v1.23.0
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/plugin-extension-trust-policy.md)
- [nodejs:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/nodejs/plugin-extension-trust-policy.md)
- [java:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/java/plugin-extension-trust-policy.md)
- [php:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/php/plugin-extension-trust-policy.md)
- [python:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/python/plugin-extension-trust-policy.md)
- [ruby:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/ruby/plugin-extension-trust-policy.md)
- [csharp:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/csharp/plugin-extension-trust-policy.md)
- [go:plugin-extension-trust-policy](/Users/x/websafe/05-defense/secure-code/go/plugin-extension-trust-policy.md)

86
07-framework-security/platforms/gitea/cases/gitea-cve-2025-68940.md 普通文件
查看文件

@@ -0,0 +1,86 @@
---
title: "Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2025-12-30T01:49:57Z"
updated_date: "2026-03-03T04:57:50.087298Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2025-68940"
- "CVE-2025-68940"
- "GHSA-rrcw-5rjv-vj26"
- "GO-2025-4267"
affected_versions:
- "introduced=0, fixed<1.22.5"
fixed_versions:
- "1.22.5"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-rrcw-5rjv-vj26"
---
# Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2025-68940`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-rrcw-5rjv-vj26
- 影响版本: `introduced=0, fixed<1.22.5`
- 修复版本: `1.22.5`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-68940
- https://blog.gitea.com/release-of-1.22.5
- https://github.com/go-gitea/gitea/pull/32654
- https://github.com/go-gitea/gitea/releases/tag/v1.22.5
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

86
07-framework-security/platforms/gitea/cases/gitea-cve-2025-68941.md 普通文件
查看文件

@@ -0,0 +1,86 @@
---
title: "Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2025-12-30T01:49:57Z"
updated_date: "2026-03-03T04:57:50.339953Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2025-68941"
- "CVE-2025-68941"
- "GHSA-xfq3-qj7j-4565"
- "GO-2025-4268"
affected_versions:
- "introduced=0, fixed<1.22.3"
fixed_versions:
- "1.22.3"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-xfq3-qj7j-4565"
---
# Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2025-68941`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-xfq3-qj7j-4565
- 影响版本: `introduced=0, fixed<1.22.3`
- 修复版本: `1.22.3`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-68941
- https://blog.gitea.com/release-of-1.22.3
- https://github.com/go-gitea/gitea/pull/32218
- https://github.com/go-gitea/gitea/releases/tag/v1.22.3
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

95
07-framework-security/platforms/gitea/cases/gitea-cve-2025-68942.md 普通文件
查看文件

@@ -0,0 +1,95 @@
---
title: "Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2025-12-30T01:49:57Z"
updated_date: "2026-03-03T04:57:49.781753Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2025-68942"
- "CVE-2025-68942"
- "GHSA-898p-hh3p-hf9r"
- "GO-2025-4263"
affected_versions:
- "introduced=0, fixed<1.22.2"
fixed_versions:
- "1.22.2"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
- "xss-output-encoding"
primary_source: "https://github.com/advisories/GHSA-898p-hh3p-hf9r"
---
# Gitea allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2025-68942`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-898p-hh3p-hf9r
- 影响版本: `introduced=0, fixed<1.22.2`
- 修复版本: `1.22.2`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-68942
- https://blog.gitea.com/release-of-1.22.2
- https://github.com/go-gitea/gitea/pull/31966
- https://github.com/go-gitea/gitea/releases/tag/v1.22.2
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)

86
07-framework-security/platforms/gitea/cases/gitea-cve-2025-68943.md 普通文件
查看文件

@@ -0,0 +1,86 @@
---
title: "Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2025-12-30T01:49:57Z"
updated_date: "2026-03-03T04:57:49.213758Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2025-68943"
- "CVE-2025-68943"
- "GHSA-jhx5-4vr4-f327"
- "GO-2025-4266"
affected_versions:
- "introduced=0, fixed<1.21.8"
fixed_versions:
- "1.21.8"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-jhx5-4vr4-f327"
---
# Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2025-68943`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-jhx5-4vr4-f327
- 影响版本: `introduced=0, fixed<1.21.8`
- 修复版本: `1.21.8`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-68943
- https://blog.gitea.com/release-of-1.21.8-and-1.21.9-and-1.21.10
- https://github.com/go-gitea/gitea/pull/29430
- https://github.com/go-gitea/gitea/releases/tag/v1.21.8
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

95
07-framework-security/platforms/gitea/cases/gitea-cve-2025-68944.md 普通文件
查看文件

@@ -0,0 +1,95 @@
---
title: "Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2025-12-30T01:49:57Z"
updated_date: "2026-03-03T04:57:50.526913Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2025-68944"
- "CVE-2025-68944"
- "GHSA-f85h-c7m6-cfpm"
- "GO-2025-4264"
affected_versions:
- "introduced=0, fixed<1.22.2"
fixed_versions:
- "1.22.2"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
- "dependency-upgrade-policy"
primary_source: "https://github.com/advisories/GHSA-f85h-c7m6-cfpm"
---
# Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2025-68944`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-f85h-c7m6-cfpm
- 影响版本: `introduced=0, fixed<1.22.2`
- 修复版本: `1.22.2`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-68944
- https://blog.gitea.com/release-of-1.22.2
- https://github.com/go-gitea/gitea/pull/31967
- https://github.com/go-gitea/gitea/releases/tag/v1.22.2
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/javascript-typescript/dependency-upgrade-policy.md)
- [nodejs:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/nodejs/dependency-upgrade-policy.md)
- [java:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/java/dependency-upgrade-policy.md)
- [php:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/php/dependency-upgrade-policy.md)
- [python:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/python/dependency-upgrade-policy.md)
- [ruby:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/ruby/dependency-upgrade-policy.md)
- [csharp:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/csharp/dependency-upgrade-policy.md)
- [go:dependency-upgrade-policy](/Users/x/websafe/05-defense/secure-code/go/dependency-upgrade-policy.md)

86
07-framework-security/platforms/gitea/cases/gitea-cve-2025-68945.md 普通文件
查看文件

@@ -0,0 +1,86 @@
---
title: "Gitea: anonymous user can visit private user's project in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2025-12-30T01:49:57Z"
updated_date: "2026-03-03T04:57:51.457970Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2025-68945"
- "CVE-2025-68945"
- "GHSA-7xq4-mwcp-q8fx"
- "GO-2025-4262"
affected_versions:
- "introduced=0, fixed<1.21.2"
fixed_versions:
- "1.21.2"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-7xq4-mwcp-q8fx"
---
# Gitea: anonymous user can visit private user's project in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2025-68945`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-7xq4-mwcp-q8fx
- 影响版本: `introduced=0, fixed<1.21.2`
- 修复版本: `1.21.2`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-68945
- https://blog.gitea.com/release-of-1.21.2
- https://github.com/go-gitea/gitea/pull/28423
- https://github.com/go-gitea/gitea/releases/tag/v1.21.2
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

95
07-framework-security/platforms/gitea/cases/gitea-cve-2025-68946.md 普通文件
查看文件

@@ -0,0 +1,95 @@
---
title: "Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2025-12-30T01:49:57Z"
updated_date: "2026-03-03T04:57:50.473303Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2025-68946"
- "CVE-2025-68946"
- "GHSA-hq57-c72x-4774"
- "GO-2025-4265"
affected_versions:
- "introduced=0, fixed<1.20.1"
fixed_versions:
- "1.20.1"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
- "xss-output-encoding"
primary_source: "https://github.com/advisories/GHSA-hq57-c72x-4774"
---
# Gitea vulnerable to Cross-site Scripting in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2025-68946`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-hq57-c72x-4774
- 影响版本: `introduced=0, fixed<1.20.1`
- 修复版本: `1.20.1`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-68946
- https://blog.gitea.com/release-of-1.20.1
- https://github.com/go-gitea/gitea/pull/25960
- https://github.com/go-gitea/gitea/releases/tag/v1.20.1
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/javascript-typescript/xss-output-encoding.md)
- [nodejs:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/nodejs/xss-output-encoding.md)
- [java:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/java/xss-output-encoding.md)
- [php:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/php/xss-output-encoding.md)
- [python:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/python/xss-output-encoding.md)
- [ruby:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/ruby/xss-output-encoding.md)
- [csharp:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/csharp/xss-output-encoding.md)
- [go:xss-output-encoding](/Users/x/websafe/05-defense/secure-code/go/xss-output-encoding.md)

87
07-framework-security/platforms/gitea/cases/gitea-cve-2025-69413.md 普通文件
查看文件

@@ -0,0 +1,87 @@
---
title: "Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2026-01-12T17:39:39Z"
updated_date: "2026-03-03T04:57:49.801641Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2025-69413"
- "CVE-2025-69413"
- "GHSA-pc73-rj2c-wvf9"
- "GO-2026-4274"
affected_versions:
- "introduced=0, fixed<1.25.2"
fixed_versions:
- "1.25.2"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-pc73-rj2c-wvf9"
---
# Gitea's /api/v1/user endpoint has different responses for failed authentication depending on whether a username exists in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2025-69413`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-pc73-rj2c-wvf9
- 影响版本: `introduced=0, fixed<1.25.2`
- 修复版本: `1.25.2`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2025-69413
- https://blog.gitea.com/release-of-1.25.2
- https://github.com/go-gitea/gitea/issues/35984
- https://github.com/go-gitea/gitea/pull/36002
- https://github.com/go-gitea/gitea/releases/tag/v1.25.2
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

87
07-framework-security/platforms/gitea/cases/gitea-cve-2026-0798.md 普通文件
查看文件

@@ -0,0 +1,87 @@
---
title: "Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-02T21:05:55Z"
updated_date: "2026-03-03T04:57:54.518308Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2026-0798"
- "CVE-2026-0798"
- "GHSA-8fwc-qjw5-rvgp"
- "GHSA-f4wq-6ww5-m56p"
- "GO-2026-4365"
affected_versions:
- "introduced=0, fixed<1.25.4"
fixed_versions:
- "1.25.4"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-8fwc-qjw5-rvgp"
---
# Gitea may send release notification emails for private repositories to users whose access has been revoked in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2026-0798`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-8fwc-qjw5-rvgp
- 影响版本: `introduced=0, fixed<1.25.4`
- 修复版本: `1.25.4`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-0798
- https://blog.gitea.com/release-of-1.25.4
- https://github.com/go-gitea/gitea/pull/36319
- https://github.com/go-gitea/gitea/releases/tag/v1.25.4
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

97
07-framework-security/platforms/gitea/cases/gitea-cve-2026-20736.md 普通文件
查看文件

@@ -0,0 +1,97 @@
---
title: "Gitea has improper access control for uploaded attachments in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-02T21:05:55Z"
updated_date: "2026-03-03T04:57:53.977351Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2026-20736"
- "CVE-2026-20736"
- "GHSA-hgr3-x44x-33hx"
- "GHSA-jr6h-pwwp-c8g6"
- "GO-2026-4367"
affected_versions:
- "introduced=0, fixed<1.25.4"
fixed_versions:
- "1.25.4"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
- "file-upload-validation"
primary_source: "https://github.com/advisories/GHSA-hgr3-x44x-33hx"
---
# Gitea has improper access control for uploaded attachments in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2026-20736`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-hgr3-x44x-33hx
- 影响版本: `introduced=0, fixed<1.25.4`
- 修复版本: `1.25.4`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-20736
- https://blog.gitea.com/release-of-1.25.4
- https://github.com/go-gitea/gitea/commit/fbea2c68e8df11cfa94e8ead913b79946780ed30
- https://github.com/go-gitea/gitea/pull/36320
- https://github.com/go-gitea/gitea/releases/tag/v1.25.4
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)
- [javascript-typescript:file-upload-validation](/Users/x/websafe/05-defense/secure-code/javascript-typescript/file-upload-validation.md)
- [nodejs:file-upload-validation](/Users/x/websafe/05-defense/secure-code/nodejs/file-upload-validation.md)
- [java:file-upload-validation](/Users/x/websafe/05-defense/secure-code/java/file-upload-validation.md)
- [php:file-upload-validation](/Users/x/websafe/05-defense/secure-code/php/file-upload-validation.md)
- [python:file-upload-validation](/Users/x/websafe/05-defense/secure-code/python/file-upload-validation.md)
- [ruby:file-upload-validation](/Users/x/websafe/05-defense/secure-code/ruby/file-upload-validation.md)
- [csharp:file-upload-validation](/Users/x/websafe/05-defense/secure-code/csharp/file-upload-validation.md)
- [go:file-upload-validation](/Users/x/websafe/05-defense/secure-code/go/file-upload-validation.md)

89
07-framework-security/platforms/gitea/cases/gitea-cve-2026-20750.md 普通文件
查看文件

@@ -0,0 +1,89 @@
---
title: "Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-02T21:05:55Z"
updated_date: "2026-03-03T04:57:57.697708Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2026-20750"
- "CVE-2026-20750"
- "GHSA-h4fh-pc4w-8w27"
- "GHSA-rw22-5hhq-pfpf"
- "GO-2026-4370"
affected_versions:
- "introduced=0, fixed<1.25.4"
fixed_versions:
- "1.25.4"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-rw22-5hhq-pfpf"
---
# Gitea does not properly validate project ownership in organization project operations in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2026-20750`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-rw22-5hhq-pfpf
- 影响版本: `introduced=0, fixed<1.25.4`
- 修复版本: `1.25.4`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-20750
- https://blog.gitea.com/release-of-1.25.4
- https://github.com/go-gitea/gitea/commit/7b5de594cd92e30b9c3d40ffda119acad794cc64
- https://github.com/go-gitea/gitea/pull/36318
- https://github.com/go-gitea/gitea/pull/36373
- https://github.com/go-gitea/gitea/releases/tag/v1.25.4
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

88
07-framework-security/platforms/gitea/cases/gitea-cve-2026-20800.md 普通文件
查看文件

@@ -0,0 +1,88 @@
---
title: "Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-02T21:05:55Z"
updated_date: "2026-03-03T04:57:54.012782Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2026-20800"
- "CVE-2026-20800"
- "GHSA-2vgv-hgv4-22mh"
- "GHSA-g54m-9f6g-wj7q"
- "GO-2026-4362"
affected_versions:
- "introduced=0, fixed<1.25.4"
fixed_versions:
- "1.25.4"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-2vgv-hgv4-22mh"
---
# Gitea improperly exposes issue and pull request titles in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2026-20800`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-2vgv-hgv4-22mh
- 影响版本: `introduced=0, fixed<1.25.4`
- 修复版本: `1.25.4`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-20800
- https://blog.gitea.com/release-of-1.25.4
- https://github.com/go-gitea/gitea/commit/67e75f30a83d2523cedc37ad7b03bcba66947833
- https://github.com/go-gitea/gitea/pull/36339
- https://github.com/go-gitea/gitea/releases/tag/v1.25.4
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

89
07-framework-security/platforms/gitea/cases/gitea-cve-2026-20883.md 普通文件
查看文件

@@ -0,0 +1,89 @@
---
title: "Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-02T21:05:55Z"
updated_date: "2026-03-03T04:57:54.692700Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2026-20883"
- "CVE-2026-20883"
- "GHSA-644v-xv3j-xgqg"
- "GHSA-j8xr-c56q-m8jj"
- "GO-2026-4368"
affected_versions:
- "introduced=0, fixed<1.25.4"
fixed_versions:
- "1.25.4"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-j8xr-c56q-m8jj"
---
# Gitea improperly exposes issue titles and repository names through previously started stopwatches in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2026-20883`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-j8xr-c56q-m8jj
- 影响版本: `introduced=0, fixed<1.25.4`
- 修复版本: `1.25.4`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-20883
- https://blog.gitea.com/release-of-1.25.4
- https://github.com/go-gitea/gitea/commit/95ea2df00a70176c516b12f3cfee8c84a310280f
- https://github.com/go-gitea/gitea/pull/36340
- https://github.com/go-gitea/gitea/pull/36368
- https://github.com/go-gitea/gitea/releases/tag/v1.25.4
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

88
07-framework-security/platforms/gitea/cases/gitea-cve-2026-20888.md 普通文件
查看文件

@@ -0,0 +1,88 @@
---
title: "Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-02T21:05:55Z"
updated_date: "2026-03-03T04:57:56.025932Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2026-20888"
- "CVE-2026-20888"
- "GHSA-9cgq-wp42-4rpq"
- "GHSA-ccq9-c5hv-cf64"
- "GO-2026-4366"
affected_versions:
- "introduced=0, fixed<1.25.4"
fixed_versions:
- "1.25.4"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-9cgq-wp42-4rpq"
---
# Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2026-20888`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-9cgq-wp42-4rpq
- 影响版本: `introduced=0, fixed<1.25.4`
- 修复版本: `1.25.4`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-20888
- https://blog.gitea.com/release-of-1.25.4
- https://github.com/go-gitea/gitea/pull/36341
- https://github.com/go-gitea/gitea/pull/36356
- https://github.com/go-gitea/gitea/releases/tag/v1.25.4
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

89
07-framework-security/platforms/gitea/cases/gitea-cve-2026-20897.md 普通文件
查看文件

@@ -0,0 +1,89 @@
---
title: "Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-02T21:05:55Z"
updated_date: "2026-03-03T04:57:55.339967Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2026-20897"
- "CVE-2026-20897"
- "GHSA-393c-qgvj-3xph"
- "GHSA-rrq5-r9h5-pc7c"
- "GO-2026-4363"
affected_versions:
- "introduced=0, fixed<1.25.4"
fixed_versions:
- "1.25.4"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-393c-qgvj-3xph"
---
# Gitea does not properly validate repository ownership when deleting Git LFS locks in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2026-20897`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-393c-qgvj-3xph
- 影响版本: `introduced=0, fixed<1.25.4`
- 修复版本: `1.25.4`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-20897
- https://blog.gitea.com/release-of-1.25.4
- https://github.com/go-gitea/gitea/commit/da036f3f35ca830b22cf4480912ed261303b798f
- https://github.com/go-gitea/gitea/pull/36344
- https://github.com/go-gitea/gitea/pull/36349
- https://github.com/go-gitea/gitea/releases/tag/v1.25.4
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

89
07-framework-security/platforms/gitea/cases/gitea-cve-2026-20904.md 普通文件
查看文件

@@ -0,0 +1,89 @@
---
title: "Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-02T21:05:55Z"
updated_date: "2026-03-03T04:57:54.244003Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2026-20904"
- "CVE-2026-20904"
- "GHSA-jrpc-w85r-hgqx"
- "GHSA-qqgv-v353-cv8p"
- "GO-2026-4369"
affected_versions:
- "introduced=0, fixed<1.25.4"
fixed_versions:
- "1.25.4"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-qqgv-v353-cv8p"
---
# Gitea does not properly validate ownership when toggling OpenID URI visibility in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2026-20904`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-qqgv-v353-cv8p
- 影响版本: `introduced=0, fixed<1.25.4`
- 修复版本: `1.25.4`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-20904
- https://blog.gitea.com/release-of-1.25.4
- https://github.com/go-gitea/gitea/commit/ed5720af2ac94d74f822721c05b42b6148ff9c22
- https://github.com/go-gitea/gitea/pull/36346
- https://github.com/go-gitea/gitea/pull/36361
- https://github.com/go-gitea/gitea/releases/tag/v1.25.4
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)

89
07-framework-security/platforms/gitea/cases/gitea-cve-2026-20912.md 普通文件
查看文件

@@ -0,0 +1,89 @@
---
title: "Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea"
system_id: "gitea"
category: "platforms"
advisory_mode: "core"
published_date: "2026-02-02T21:05:55Z"
updated_date: "2026-03-03T04:57:55.747880Z"
severity: "unknown"
exploit_status: "unknown"
source_confidence: "official"
target_types:
- "lab-local"
- "lab-public"
- "authorized-third-party"
allow_public_validation: "yes, with ownership or explicit authorization"
authorization_prerequisite: "asset ownership proof or explicit written authorization"
minimal_validation: "read-only probe, controlled payload, reversible test"
aliases:
- "BIT-gitea-2026-20912"
- "CVE-2026-20912"
- "GHSA-4xx9-vc8v-87hv"
- "GHSA-vfmv-f93v-37mw"
- "GO-2026-4364"
affected_versions:
- "introduced=0, fixed<1.25.4"
fixed_versions:
- "1.25.4"
secure_code_topics:
- "authz-server-side-recheck"
- "token-cookie-storage"
- "proxy-trust-boundary"
primary_source: "https://github.com/advisories/GHSA-4xx9-vc8v-87hv"
---
# Gitea does not properly validate repository ownership when linking attachments to releases in code.gitea.io/gitea
## 事件层
- Canonical ID: `gitea--CVE-2026-20912`
- 系统: `gitea`
- 严重度: `unknown`
- 来源置信度: `official`
- 官方主源: https://github.com/advisories/GHSA-4xx9-vc8v-87hv
- 影响版本: `introduced=0, fixed<1.25.4`
- 修复版本: `1.25.4`
## 其他来源
- https://nvd.nist.gov/vuln/detail/CVE-2026-20912
- https://blog.gitea.com/release-of-1.25.4
- https://github.com/go-gitea/gitea/commit/fbea2c68e8df11cfa94e8ead913b79946780ed30
- https://github.com/go-gitea/gitea/pull/36320
- https://github.com/go-gitea/gitea/pull/36355
- https://github.com/go-gitea/gitea/releases/tag/v1.25.4
## 实验层
- 仅用于自有资产、测试环境或已明确授权目标。
- 允许公网可达目标,但必须满足资产归属或明确授权前提。
- 最小化验证方式: 最小化验证、只读探测、可审计回显、受控注入。
- 若该案例涉及插件、模块或扩展,应同时检查供应链与升级策略。
- 禁止场景: 无归属证明或无明确授权的公网目标;知名公共网站或与测试无关的第三方资产;会造成持久破坏、数据越权下载或不可回滚影响的动作
## 修复示例
- [javascript-typescript:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/javascript-typescript/authz-server-side-recheck.md)
- [nodejs:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/nodejs/authz-server-side-recheck.md)
- [java:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/java/authz-server-side-recheck.md)
- [php:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/php/authz-server-side-recheck.md)
- [python:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/python/authz-server-side-recheck.md)
- [ruby:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/ruby/authz-server-side-recheck.md)
- [csharp:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/csharp/authz-server-side-recheck.md)
- [go:authz-server-side-recheck](/Users/x/websafe/05-defense/secure-code/go/authz-server-side-recheck.md)
- [javascript-typescript:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/javascript-typescript/token-cookie-storage.md)
- [nodejs:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/nodejs/token-cookie-storage.md)
- [java:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/java/token-cookie-storage.md)
- [php:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/php/token-cookie-storage.md)
- [python:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/python/token-cookie-storage.md)
- [ruby:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/ruby/token-cookie-storage.md)
- [csharp:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/csharp/token-cookie-storage.md)
- [go:token-cookie-storage](/Users/x/websafe/05-defense/secure-code/go/token-cookie-storage.md)
- [javascript-typescript:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/javascript-typescript/proxy-trust-boundary.md)
- [nodejs:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/nodejs/proxy-trust-boundary.md)
- [java:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/java/proxy-trust-boundary.md)
- [php:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/php/proxy-trust-boundary.md)
- [python:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/python/proxy-trust-boundary.md)
- [ruby:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/ruby/proxy-trust-boundary.md)
- [csharp:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/csharp/proxy-trust-boundary.md)
- [go:proxy-trust-boundary](/Users/x/websafe/05-defense/secure-code/go/proxy-trust-boundary.md)