Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

gitea gitea vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv3
CVE-2019-11228
repo/setting.go in Gitea prior to 1.7.6 and 1.8.x prior to 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress.
Gitea Gitea 1.8.0Gitea Gitea
8.8
CVSSv3
CVE-2019-11229
models/repo_mirror.go in Gitea prior to 1.7.6 and 1.8.x prior to 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution.
Gitea Gitea 1.8.0Gitea Gitea
6.1
CVSSv3
CVE-2019-1010314
Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected r...
Gitea Gitea 1.7.3Gitea Gitea 1.7.2
8.6
CVSSv3
CVE-2018-15192
An SSRF vulnerability in webhooks in Gitea up to and including 1.5.0-rc2 and Gogs up to and including 0.11.53 allows remote malicious users to access intranet services.
Gogs GogsGitea Gitea 1.5.0Gitea Gitea
7.5
CVSSv3
CVE-2021-45325
Server Side Request Forgery (SSRF) vulneraility exists in Gitea prior to 1.7.0 using the OpenID URL.
Gitea Gitea
8.8
CVSSv3
CVE-2021-45326
Cross Site Request Forgery (CSRF) vulnerability exists in Gitea prior to 1.5.2 via API routes.This can be dangerous especially with state altering POST requests.
Gitea Gitea
9.8
CVSSv3
CVE-2021-45327
Gitea prior to 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. which could let a remote malisious user execute arbitrary code.
Gitea Gitea
6.1
CVSSv3
CVE-2021-45328
Gitea prior to 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs.
Gitea Gitea
6.1
CVSSv3
CVE-2021-45329
Cross Site Scripting (XSS) vulnerability exists in Gitea prior to 1.5.1 via the repository settings inside the external wiki/issue tracker URL field.
Gitea Gitea
9.8
CVSSv3
CVE-2021-45330
An issue exsits in Gitea up to and including 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse.
Gitea Gitea
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4761command injectionCVE-2024-3676IDORCVE-2024-30039CVE-2024-32113CVE-2024-30049CVE-2024-4776SQL injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook