PT-2022-26686 · Gitea

Govulnbot · Published 2022-10-16 · Updated 2025-05-14 · CVE-2022-42968

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Gitea versions prior to 1.17.3

Description

Gitea's git backend does not sufficiently sanitize and escape refs before passing them as arguments to git commands. This can lead to argument injection.

Recommendations

Update to version 1.17.3 or later to resolve the issue. As a temporary workaround for versions prior to 1.17.3, consider restricting access to the git backend to minimize the risk of exploitation.

Fix

Argument Injection

Weakness Enumeration

Related Identifiers

ALT-PU-2022-2880
ALT-PU-2022-2947
ALT-PU-2024-3792
BIT-GITEA-2022-42968
CVE-2022-42968
GHSA-W8XW-7CRF-H23X
GO-2022-1065

Affected Products

Alt Linux
Gitea