sultanabubaker / intentionally-vulnerable-golang-project


CVE-2020-13246 (High) detected in github.com/go-gitea/gitea-v1.2.3 #34

Open dev-mend-for-github-com[bot] opened 2 years ago

dev-mend-for-github-com[bot] commented 2 years ago

CVE-2020-13246 - High Severity Vulnerability

Vulnerable Library - github.com/go-gitea/gitea-v1.2.3

Git with a cup of tea, painless self-hosted git service

Dependency Hierarchy:

- :x: **github.com/go-gitea/gitea-v1.2.3** (Vulnerable Library)

Found in HEAD commit: 69a84c862836bec3e4be9a461b9e320cda5aeb94

Found in base branch: master

Vulnerability Details

An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another.

Publish Date: 2020-05-20

URL: CVE-2020-13246

CVSS 3 Score Details (7.5)

Base Score Metrics:

- Exploitability Metrics:
  - Attack Vector: Network
  - Attack Complexity: Low
  - Privileges Required: None
  - User Interaction: None
  - Scope: Unchanged
- Impact Metrics:
  - Confidentiality Impact: None
  - Integrity Impact: None
  - Availability Impact: High


Suggested Fix

Type: Upgrade version

Origin: https://nvd.nist.gov/vuln/detail/CVE-2020-13246

Release Date: 2020-05-21

Fix Resolution: