fix: Fix exposing password hashes in user edit page
When an administrator edits a user entry, the user's password hash is
present on the edit page. This is unnecessary. But it exposes the hash
to an administrator who could choose to try to brute-force the hash and
use the password on other logins of that user.
This is an issue for administrative users who have no access to the
actual database on disk but access to the user edit web page.
releases.moxie
+2 Lines changed: 2 additions & 0 deletions
@@ -34,6 +34,7 @@ r34: {
34
34
security:
35
35
- Fix path traversal vulnerability which allowed access to "/resources//../WEB-INF/". (CVE-2022-31268) This was fixed by updating Jetty. (issue-1409)
36
36
- Fix exploit circumventing SSH authentication. Many thanks to András Veres-Szentkirályi (silentsignal.eu) for the report. (CVE-2024-28080)
37
+
- Fix vulnerability exposing user password hashes to administrators when an administrator edits a user's properties. Many thanks to Gerhard Klostermeier (syss.de) for the report.
37
38
fixes:
38
39
- Fix crash in Gitblit Authority when users were deleted from Gitblit but still had entries (certificates) in the Authority. (issue-1359, pr-1435)
39
40
- Fix tab-to-space conversion to work like tabs. (pr-1065 by @QuentinC)
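Review bot: the new security entry in r34 carries no tracking reference, while the two entries above it cite a CVE id or an issue number (CVE-2022-31268, issue-1409, CVE-2024-28080). Add the issue or advisory id once one exists so operators can match this fix to the report. The entry could also state, as the commit message does, that the hash was present on the user edit page, so operators can judge whether existing hashes should be treated as disclosed to their administrators.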
src/main/java/com/gitblit/wicket/GitBlitWebApp_de.properties
+1 -1 Lines changed: 1 addition & 1 deletion
@@ -248,7 +248,7 @@ gb.teamMustSpecifyRepository = Ein Team muss mindestens einem Repository zugewie
248
248
gb.teamCreated = Neues Team ''{0}'' erfolgreich angelegt.
249
249
gb.pleaseSetUsername = Bitte geben Sie einen Benutzernamen an!
250
250
gb.usernameUnavailable = Benutzername ''{0}'' ist nicht verf\u00fcgbar.
251
-
gb.combinedMd5Rename = Gitblit ist f\u00fcr kombiniertes MD5-Passwort-Hashing konfiguriert. Sie m\u00fcssen beim Umbenennen des Kontos ein neues Passwort angeben.
251
+
gb.combinedMd5Rename = Dieser Benutzer ist f\u00fcr kombiniertes MD5-Passwort-Hashing konfiguriert. Sie m\u00fcssen beim Umbenennen des Kontos ein neues Passwort angeben.
src/main/java/com/gitblit/wicket/GitBlitWebApp_es.properties
+1 -1 Lines changed: 1 addition & 1 deletion
@@ -248,7 +248,7 @@ gb.teamMustSpecifyRepository = Debe especificar al menos un repositorio para el
248
248
gb.teamCreated = Nuevo Equipo ''{0}'' creado satisfactoriamente.
249
249
gb.pleaseSetUsername = \u00A1Por favor, introduce un usuario!
250
250
gb.usernameUnavailable = El usuario ''{0}'' no est\u00E1 disponible.
251
-
gb.combinedMd5Rename = GitBlit est\u00E1 configurado para Hashes combinados md5. Debes introducir una nueva contrase\u00F1a para renombrar la cuenta.
251
+
gb.combinedMd5Rename = El usuario est\u00E1 configurado para Hashes combinados md5. Debes introducir una nueva contrase\u00F1a para renombrar la cuenta.
252
252
gb.userCreated = Nuevo usuario ''{0}'' creado satisfactoriamente.
253
253
gb.couldNotFindFederationRegistration = \u00A1No se pudo encontrar el registro de federaci\u00F3n!
254
254
gb.failedToFindGravatarProfile = Fallo al buscar el perfil Gravatar de {0}
src/main/java/com/gitblit/wicket/GitBlitWebApp_fr.properties
+1 -1 Lines changed: 1 addition & 1 deletion
@@ -248,7 +248,7 @@ gb.teamMustSpecifyRepository = Une \u00e9quipe doit d\u00e9finir au moins un d\u
248
248
gb.teamCreated = La nouvelle \u00e9quipe ''{0}'' cr\u00e9\u00e9 avec succ\u00e8s.
249
249
gb.pleaseSetUsername = Entrez un identifiant SVP !
250
250
gb.usernameUnavailable = L'identifiant ''{0}'' est indisponible.
251
-
gb.combinedMd5Rename = Gitblit est configur\u00e9 pour des mots de passe hash\u00e9s combined-md5. Vous devez entrer un nouveau mot de passe pour ce compte.
251
+
gb.combinedMd5Rename = L'identifiant est configur\u00e9 pour des mots de passe hash\u00e9s combined-md5. Vous devez entrer un nouveau mot de passe pour ce compte.
252
252
gb.userCreated = Le nouveau utilisateur ''{0}'' est cr\u00e9\u00e9 avec succ\u00e8s.
253
253
gb.couldNotFindFederationRegistration = N'arrive pas \u00e0 joindre l'enregistrement de la f\u00e9d\u00e9ration !
254
254
gb.failedToFindGravatarProfile = N'arrive pas trouver un profil Gravatar pour {0}
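Review bot: in the added gb.combinedMd5Rename line the subject changes from Gitblit to "L'identifiant", so the message now says the login name, not the user, is configured for combined-md5 hashing; the German file in this commit uses "Dieser Benutzer" (this user). Suggest "Cet utilisateur est configur\u00e9 pour ..." to match. The Italian and Norwegian lines make the same switch ("Il nome utente", "Brukernavnet"). The second French sentence also says nothing about renaming the account, unlike the German "beim Umbenennen des Kontos"; that predates this change but is worth fixing while the line is being touched.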
src/main/java/com/gitblit/wicket/GitBlitWebApp_it.properties
+1 -1 Lines changed: 1 addition & 1 deletion
@@ -248,7 +248,7 @@ gb.teamMustSpecifyRepository = Un gruppo deve specificare almeno un repository.
248
248
gb.teamCreated = Nuovo gruppo ''{0}'' creato con successo.
249
249
gb.pleaseSetUsername = Nome utente non specificato!
250
250
gb.usernameUnavailable = Il nome utente ''{0}'' non è disponibile.
251
-
gb.combinedMd5Rename = Gitblit è configurato per effettuare un hashing delle password di tipo combinato-md5. E' quindi necessario specificare una nuova password quando si rinomina un utenza.
251
+
gb.combinedMd5Rename = Il nome utente è configurato per effettuare un hashing delle password di tipo combinato-md5. E' quindi necessario specificare una nuova password quando si rinomina un utenza.
252
252
gb.userCreated = Nuovo utente ''{0}'' creato con successo.
253
253
gb.couldNotFindFederationRegistration = Impossibile trovare la registrazione di federazione!
254
254
gb.failedToFindGravatarProfile = Profilo Gravatar per {0} non reperito!
src/main/java/com/gitblit/wicket/GitBlitWebApp_nl.properties
+1 -1 Lines changed: 1 addition & 1 deletion
@@ -248,7 +248,7 @@ gb.teamMustSpecifyRepository = Een team moet minimaal één repositorie specific
248
248
gb.teamCreated = Nieuw team ''{0}'' successvol aangemaakt.
249
249
gb.pleaseSetUsername = Vul aub een gebruikersnaam in!
250
250
gb.usernameUnavailable = Gebruikersnaam ''{0}'' is niet beschikbaar.
251
-
gb.combinedMd5Rename = Gitblit is geconfigureerd voor combined-md5 wachtwoord hashing. U moet een nieuw wachtwoord opgeven bij het hernoemen van een account.
251
+
gb.combinedMd5Rename = Gebruikersnaam is geconfigureerd voor combined-md5 wachtwoord hashing. U moet een nieuw wachtwoord opgeven bij het hernoemen van een account.
252
252
gb.userCreated = Nieuwe gebruiker ''{0}'' succesvol aangemaakt.
253
253
gb.couldNotFindFederationRegistration = Kon de federatie registratie niet vinden!
254
254
gb.failedToFindGravatarProfile = Kon het Gravatar profiel voor {0} niet vinden
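Review bot: the added line opens with a bare "Gebruikersnaam is geconfigureerd ...", which lacks an article and makes the username rather than the user the thing that is configured. Suggest "Deze gebruiker is geconfigureerd voor combined-md5 wachtwoord hashing.", in line with the German "Dieser Benutzer" in this commit.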
src/main/java/com/gitblit/wicket/GitBlitWebApp_no.properties
+1 -1 Lines changed: 1 addition & 1 deletion
@@ -248,7 +248,7 @@ gb.teamMustSpecifyRepository = Et team m\u00e5 ha minst et repository.
248
248
gb.teamCreated = Team ''{0}'' opprettet.
249
249
gb.pleaseSetUsername = Vennlist angi et brukernavn!
250
250
gb.usernameUnavailable = Brukernavnet ''{0}'' er ikke tilgjengelig.
251
-
gb.combinedMd5Rename = Gitblit er satt opp med combined-md5 passord hashing. Du m\u00e5 angi et nytt passord n\u00e5r du gir en konto et nytt navn.
251
+
gb.combinedMd5Rename = Brukernavnet er satt opp med combined-md5 passord hashing. Du m\u00e5 angi et nytt passord n\u00e5r du gir en konto et nytt navn.
252
252
gb.userCreated = Ny bruker ''{0}'' opprettet.
253
253
gb.couldNotFindFederationRegistration = Kunne ikke finne federeringsoppf\u00F8ringen!
254
254
gb.failedToFindGravatarProfile = Fant ikke gravatar-profilen for {0}
gb.usernameUnavailable = Nazwa u\u017Cytkownika''{0}'' jest niedost\u0119pna.
250
-
gb.combinedMd5Rename = Gitblit jest skonfigurowany na po\u0142\u0105czone haszowanie hase\u0142 md5. Musisz wpisa\u0107 nowe has\u0142o przy zmianie nazwy konta.
249
+
gb.usernameUnavailable = Nazwa u\u017Cytkownika''{0}'' jest niedost\u0119pna.
250
+
gb.combinedMd5Rename = Nazwa u\u017Cytkownika jest skonfigurowany na po\u0142\u0105czone haszowanie hase\u0142 md5. Musisz wpisa\u0107 nowe has\u0142o przy zmianie nazwy konta.
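Review bot: the added gb.combinedMd5Rename line reads "Nazwa u\u017Cytkownika jest skonfigurowany", pairing the feminine noun "Nazwa" with a masculine participle; use "skonfigurowana", or make the user the subject as the German file in this commit does. Separately, gb.usernameUnavailable is removed and re-added with the same visible text, which points to a whitespace or line-ending change; drop it from this commit if it is unintended, so the diff shows only the message change.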