Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitea gitea vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv3
CVE-2019-11228
repo/setting.go in Gitea prior to 1.7.6 and 1.8.x prior to 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress.
Gitea Gitea 1.8.0
Gitea Gitea
8.8
CVSSv3
CVE-2019-11229
models/repo_mirror.go in Gitea prior to 1.7.6 and 1.8.x prior to 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution.
Gitea Gitea 1.8.0
Gitea Gitea
6.1
CVSSv3
CVE-2019-1010314
Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected r...
Gitea Gitea 1.7.2
Gitea Gitea 1.7.3
8.6
CVSSv3
CVE-2018-15192
An SSRF vulnerability in webhooks in Gitea up to and including 1.5.0-rc2 and Gogs up to and including 0.11.53 allows remote malicious users to access intranet services.
Gogs Gogs
Gitea Gitea 1.5.0
Gitea Gitea
5.3
CVSSv3
CVE-2018-1000803
Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. This attack appear to be exploitable via Watch a repository to receive email notifications. Emails received contain the other recipients even if the...
Gitea Gitea
9.8
CVSSv3
CVE-2019-11576
Gitea prior to 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password.
Gitea Gitea
6.5
CVSSv3
CVE-2022-38183
In Gitea prior to 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access t...
Gitea Gitea
7.2
CVSSv3
CVE-2020-14144
The git hook feature in Gitea 1.1.0 up to and including 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately a...
Gitea Gitea
3 Github repositories
6.1
CVSSv3
CVE-2019-1010261
Gitea 1.7.0 and previous versions is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: vi...
Gitea Gitea
4.3
CVSSv3
CVE-2022-46685
In Jenkins Gitea Plugin 1.4.4 and previous versions, the implementation of Gitea personal access tokens did not support credentials masking, potentially exposing them through the build log.
Gitea Gitea
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
type confusion
IMAP
CVE-2024-36103
CVE-2024-28995
CVE-2024-37325
CVE-2024-30078
CVE-2024-30082
SQL injection
CVE-2024-30052
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »