Vulnerabilities for 'Gitea'
2022-05-16
CVE-2022-30781
CWE-116
Gitea before 1.16.7 does not escape git fetch remote.
2022-05-03
CVE-2022-27313
NVD-CWE-noinfo
An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file.
2022-03-24
CVE-2022-1058
CWE-601
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.
2022-03-15
CVE-2021-29134
CWE-22
The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.
2022-02-09
CVE-2021-45330
CWE-269
An issue exists in Gitea through 1.15.7, which could let a malicious user gain privileges due to client-side cookies not being deleted and the session remaining valid on the server side for reuse.
CVE-2021-45331
CWE-287
An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once.
2022-02-08
CVE-2021-45329
CWE-79
Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field.
CVE-2021-45325
CWE-918
Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 using the OpenID URL.
CVE-2021-45326
CWE-352
Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes. This can be dangerous especially with state-altering POST requests.
CVE-2021-45327
NVD-CWE-noinfo
Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API, which could let a remote malicious user execute arbitrary code.
Copyright 2024, cxsecurity.com