34 Total Results
Displaying 11-20 of 34
Attacker Value
Unknown
CVE-2022-1058
Disclosure Date: March 24, 2022 (last updated October 07, 2023)
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.
0
Attacker Value
Unknown
CVE-2021-29134
Disclosure Date: March 15, 2022 (last updated February 23, 2025)
The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.
0
Attacker Value
Unknown
CVE-2022-0905
Disclosure Date: March 10, 2022 (last updated February 23, 2025)
Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4.
0
Attacker Value
Unknown
CVE-2021-45331
Disclosure Date: February 09, 2022 (last updated February 23, 2025)
An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once.
0
Attacker Value
Unknown
CVE-2021-45330
Disclosure Date: February 09, 2022 (last updated February 23, 2025)
An issue exists in Gitea through 1.15.7, which could let a malicious user gain privileges because client-side cookies are not deleted and the session remains valid on the server side for reuse.
0
Attacker Value
Unknown
CVE-2021-45329
Disclosure Date: February 08, 2022 (last updated February 23, 2025)
Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field.
0
Attacker Value
Unknown
CVE-2021-45328
Disclosure Date: February 08, 2022 (last updated February 23, 2025)
Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs.
0
Attacker Value
Unknown
CVE-2021-45327
Disclosure Date: February 08, 2022 (last updated February 23, 2025)
Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API, which could let a remote malicious user execute arbitrary code.
0
Attacker Value
Unknown
CVE-2021-45326
Disclosure Date: February 08, 2022 (last updated February 23, 2025)
Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes. This can be dangerous, especially with state-altering POST requests.
0
Attacker Value
Unknown
CVE-2021-45325
Disclosure Date: February 08, 2022 (last updated February 23, 2025)
Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 using the OpenID URL.
0