Vulnerabilities > Gitea > Gitea > 1.0.3
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-09 | CVE-2021-45330 | Incomplete Cleanup vulnerability in Gitea An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse. | 9.8 |
| 2022-02-09 | CVE-2021-45331 | Improper Authentication vulnerability in Gitea An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. | 9.8 |
| 2022-02-08 | CVE-2021-45329 | Cross-site Scripting vulnerability in Gitea Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field. | 6.1 |
| 2022-02-08 | CVE-2021-45328 | Open Redirect vulnerability in Gitea Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs. | 6.1 |
| 2022-02-08 | CVE-2021-45325 | Server-Side Request Forgery (SSRF) vulnerability in Gitea Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL. | 7.5 |
| 2022-02-08 | CVE-2021-45326 | Cross-Site Request Forgery (CSRF) vulnerability in Gitea Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes.This can be dangerous especially with state altering POST requests. | 8.8 |
| 2022-02-08 | CVE-2021-45327 | Interpretation Conflict vulnerability in Gitea Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. | 9.8 |
| 2020-11-24 | CVE-2020-28991 | Unspecified vulnerability in Gitea Gitea 0.9.99 through 1.12.x before 1.12.6 does not prevent a git protocol path that specifies a TCP port number and also contains newlines (with URL encoding) in ParseRemoteAddr in modules/auth/repo_form.go. | 9.8 |
| 2020-05-20 | CVE-2020-13246 | Improper Locking vulnerability in Gitea An issue was discovered in Gitea through 1.11.5. | 7.5 |
| 2019-07-18 | CVE-2019-1010261 | Cross-site Scripting vulnerability in Gitea Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). | 6.1 |