Vulnerabilities > CVE-2021-45330 - Incomplete Cleanup vulnerability in Gitea

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
network
low complexity
gitea
CWE-459

Summary

An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse.

Vulnerable Configurations

Part Description Count
Application
Gitea
130

Common Weakness Enumeration (CWE)