Vulnerabilities > Gitea

DATE CVE VULNERABILITY TITLE RISK
2018-11-04 CVE-2018-18926 Session Fixation vulnerability in Gitea
Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs.
network
low complexity
gitea CWE-384
7.5
2018-10-08 CVE-2018-1000803 Information Exposure vulnerability in Gitea
Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses.
network
low complexity
gitea CWE-200
5.0
2018-08-08 CVE-2018-15192 Server-Side Request Forgery (SSRF) vulnerability in multiple products
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services.
network
low complexity
gitea gogs CWE-918
5.0