x/vulndb: potential Go vuln in github.com/go-gitea/gitea: GHSA-r7h7-chh4-5rvm

[GoVulnBot]

In GitHub Security Advisory GHSA-r7h7-chh4-5rvm, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/go-gitea/gitea	1.12.6	>= 0.9.99, < 1.12.6

Cross references:

• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2021-45325 #308 EFFECTIVELY_PRIVATE
• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2021-45326 #309 EFFECTIVELY_PRIVATE
• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2021-45327 #310 EFFECTIVELY_PRIVATE
• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2021-45329 #314 EFFECTIVELY_PRIVATE
• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2021-45331 #315 EFFECTIVELY_PRIVATE
• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2021-29134 #353 EFFECTIVELY_PRIVATE
• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2022-27313 #442 EFFECTIVELY_PRIVATE
• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2022-30781 #450 EFFECTIVELY_PRIVATE
• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: GHSA-36h2-95gj-w488 #579 EFFECTIVELY_PRIVATE
• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea/models: GHSA-f5fj-7265-jxhj #823 NOT_IMPORTABLE
• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: GHSA-g2qx-6ghw-67hm #830 NOT_IMPORTABLE
• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea/models: GHSA-hpmr-prr2-cqc4 #846 NOT_IMPORTABLE
• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea/models: GHSA-q47x-6mqq-4w92 #862 NOT_IMPORTABLE
• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2022-42968 #1065 EFFECTIVELY_PRIVATE
• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2022-38795 #1999 EFFECTIVELY_PRIVATE
• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2019-1000002 #2221 LEGACY_FALSE_POSITIVE
• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2019-1010314 #2222 LEGACY_FALSE_POSITIVE
• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2019-11576 #2234 LEGACY_FALSE_POSITIVE
• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2020-14144 #2276 LEGACY_FALSE_POSITIVE
• CVE-2020-28991 appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2020-28991 #2298 LEGACY_FALSE_POSITIVE
• Module github.com/go-gitea/gitea appears in issue x/vulndb: potential Go vuln in github.com/go-gitea/gitea: CVE-2020-28991 #2298 LEGACY_FALSE_POSITIVE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/go-gitea/gitea
      versions:
        - introduced: 0.9.99
          fixed: 1.12.6
      packages:
        - package: github.com/go-gitea/gitea
summary: Improper Access Control in Gitea in github.com/go-gitea/gitea
cves:
    - CVE-2020-28991
ghsas:
    - GHSA-r7h7-chh4-5rvm
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2020-28991
    - fix: https://github.com/go-gitea/gitea/pull/13525
    - web: https://github.com/go-gitea/gitea/releases/tag/v1.12.6
    - advisory: https://github.com/advisories/GHSA-r7h7-chh4-5rvm
source:
    id: GHSA-r7h7-chh4-5rvm

[gopherbot]

Change https://go.dev/cl/582535 mentions this issue: data/reports: batch add unreviewed reports

[tatianab]

Duplicate of #2298