Vulnerabilities > Gitea > Gitea > 1.0.1
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-09 | CVE-2021-45331 | Improper Authentication vulnerability in Gitea An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. | 7.5 |
| 2022-02-08 | CVE-2021-45329 | Cross-site Scripting vulnerability in Gitea Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field. | 4.3 |
| 2022-02-08 | CVE-2021-45328 | Open Redirect vulnerability in Gitea Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs. | 5.8 |
| 2022-02-08 | CVE-2021-45325 | Server-Side Request Forgery (SSRF) vulnerability in Gitea Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL. | 5.0 |
| 2022-02-08 | CVE-2021-45326 | Cross-Site Request Forgery (CSRF) vulnerability in Gitea Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes.This can be dangerous especially with state altering POST requests. | 6.8 |
| 2022-02-08 | CVE-2021-45327 | Interpretation Conflict vulnerability in Gitea Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. | 9.8 |
| 2020-11-24 | CVE-2020-28991 | Unspecified vulnerability in Gitea Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go. | 7.5 |
| 2020-05-20 | CVE-2020-13246 | Improper Locking vulnerability in Gitea An issue was discovered in Gitea through 1.11.5. | 5.0 |
| 2019-07-18 | CVE-2019-1010261 | Cross-site Scripting vulnerability in Gitea Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). | 4.3 |
| 2019-04-28 | CVE-2019-11576 | Improper Authentication vulnerability in Gitea Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. | 7.5 |