CVE-2022-38795

Description

In Gitea through 1.17.1, repo cloning can occur in the migration function.

How to fix CVE-2022-38795

To remediate CVE-2022-38795, upgrade the affected package to a fixed version below.

• Bitnami/gitea—upgrade to 1.17.2 or later
• Go/code.gitea.io/gitea—upgrade to 1.17.2 or later
• —upgrade to 1.17.2 or later

Is CVE-2022-38795 being exploited?

Low — EPSS is 0.4%, meaning exploitation activity has not been observed at scale.

Affected packages (3)

• from 0, < 1.17.2
• from 0, < 1.17.2
• from 0, < 1.17.2

CVSS scores

References (7)

• ADVISORYgithub.com/advisories/GHSA-8j3v-68w3-3848
• ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-38795
• PATCHgithub.com/go-gitea/gitea
• WEBblog.gitea.com/release-of-1.17.2
• WEBblog.gitea.com/release-of-1.17.2/