Vulnerabilities > Gitea > Gitea > 1.3.3
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2019-04-28 | CVE-2019-11576 | Improper Authentication vulnerability in Gitea: Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. | 7.5 |
2019-04-15 | CVE-2019-11229 | Unspecified vulnerability in Gitea: models/repo_mirror.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution. | 6.5 |
2019-04-15 | CVE-2019-11228 | Improper Input Validation vulnerability in Gitea: repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress. | 5.0 |
2019-02-04 | CVE-2019-1000002 | Unspecified vulnerability in Gitea: Gitea version 1.6.2 and earlier contains an Incorrect Access Control vulnerability in the Delete/Edit file functionality that can result in the attacker deleting files outside the repository he/she has access to. | 5.5 |
2018-11-04 | CVE-2018-18926 | Session Fixation vulnerability in Gitea: Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. | 7.5 |
2018-10-08 | CVE-2018-1000803 | Information Exposure vulnerability in Gitea: Gitea versions prior to 1.5.1 contain a CWE-200 vulnerability that can result in exposure of users' private email addresses. | 5.0 |
2018-08-08 | CVE-2018-15192 | Server-Side Request Forgery (SSRF) vulnerability in multiple products: an SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services. | 5.0 |