You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
See doc/triage.md for instructions on how to triage this report.
packages:
- package: gogs.io/gogs
versions:
- fixed: 0.12.5
description: "### Impact\n\nExpired PAM accounts and accounts with expired passwords
are continued to be seen as valid. Installations use PAM as authentication sources
are affected.\n\n### Patches\n\nExpired PAM accounts and accounts with expired
passwords are no longer being seen as valid. Users should upgrade to 0.12.5 or
the latest 0.13.0+dev.\n\n### Workarounds\n\nIn addition to marking PAM accounts
as expired, also disable/lock them. Running `usermod -L <username>` will add an
exclamation mark to the password hash and would result in wrong passwords responses
when trying to login. \n\n### References\n\nhttps://huntr.dev/bounties/ea82cfc9-b55c-41fe-ae58-0d0e0bd7ab62/\n\n###
For more information\n\nIf you have any questions or comments about this advisory,
please post on https://github.com/gogs/gogs/issues/6810.\n"
published: 2022-03-12T00:00:34Z
last_modified: 2022-03-29T19:10:32Z
cves:
- CVE-2022-0871
ghsas:
- GHSA-65f3-3278-7m65
links:
context:
- https://github.com/advisories/GHSA-65f3-3278-7m65
The text was updated successfully, but these errors were encountered:
In GitHub Security Advisory GHSA-65f3-3278-7m65, there is a vulnerability in the following Go packages or modules:
See doc/triage.md for instructions on how to triage this report.
The text was updated successfully, but these errors were encountered: