FreeBSD: VID-5048ed45-b0f1-11ed-ab04-9106b1b896dd: gitea -- password hash quality
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 9 | (AV:N/AC:L/Au:S/C:C/I:C/A:C) | Feb 20, 2023 | Feb 21, 2023 | Dec 10, 2025 |
Description
The Gitea team reports:

This PR refactors and improves the password hashing code within gitea and makes it possible for server administrators to set the password hashing parameters. In addition it takes the opportunity to adjust the settings for pbkdf2 in order to make the hashing a little stronger.

Add command to bulk set must-change-password

As part of administration sometimes it is appropriate to forcibly tell users to update their passwords. This PR creates a new command `gitea admin user must-change-password` which will set the MustChangePassword flag on the provided users.
Solution
freebsd-upgrade-package-gitea