RSS   Vulnerabilities for 'Gitea'   RSS

2022-05-16
 
CVE-2022-30781

CWE-116
 

 
Gitea before 1.16.7 does not escape git fetch remote.

 
2022-05-03
 
CVE-2022-27313

NVD-CWE-noinfo
 

 
An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file.

 
2022-03-24
 
CVE-2022-1058

CWE-601
 

 
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.

 
2022-03-15
 
CVE-2021-29134

CWE-22
 

 
The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.

 
2022-02-09
 
CVE-2021-45330

CWE-269
 

 
An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse.

 
 
CVE-2021-45331

CWE-287
 

 
An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once.

 
2022-02-08
 
CVE-2021-45329

CWE-79
 

 
Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field.

 
 
CVE-2021-45325

CWE-918
 

 
Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL.

 
 
CVE-2021-45326

CWE-352
 

 
Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes.This can be dangerous especially with state altering POST requests.

 
 
CVE-2021-45327

NVD-CWE-noinfo
 

 
Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. which could let a remote malisious user execute arbitrary code.

 


Copyright 2024, cxsecurity.com

 

Back to Top