Vulnerabilities > Gitea
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-03-10 | CVE-2022-0905 | Unspecified vulnerability in Gitea Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4. | 7.1 |
2022-02-09 | CVE-2021-45330 | Incomplete Cleanup vulnerability in Gitea An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse. | 9.8 |
2022-02-09 | CVE-2021-45331 | Improper Authentication vulnerability in Gitea An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. | 9.8 |
2022-02-08 | CVE-2021-45329 | Cross-site Scripting vulnerability in Gitea Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field. | 6.1 |
2022-02-08 | CVE-2021-45328 | Open Redirect vulnerability in Gitea Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs. | 6.1 |
2022-02-08 | CVE-2021-45325 | Server-Side Request Forgery (SSRF) vulnerability in Gitea Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL. | 7.5 |
2022-02-08 | CVE-2021-45326 | Cross-Site Request Forgery (CSRF) vulnerability in Gitea Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes.This can be dangerous especially with state altering POST requests. | 8.8 |
2022-02-08 | CVE-2021-45327 | Interpretation Conflict vulnerability in Gitea Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. | 9.8 |
2021-03-15 | CVE-2021-28378 | Cross-site Scripting vulnerability in Gitea Gitea 1.12.x and 1.13.x before 1.13.4 allows XSS via certain issue data in some situations. | 5.4 |
2021-02-05 | CVE-2021-3382 | Out-of-bounds Write vulnerability in Gitea Stack buffer overflow vulnerability in gitea 1.9.0 through 1.13.1 allows remote attackers to cause a denial of service (crash) via vectors related to a file path. | 7.5 |