Vulmon
gitea gitea vulnerabilities and exploits
7.5
CVSSv2
CVE-2019-11576
Gitea prior to 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password.
Gitea Gitea
5
CVSSv2
CVE-2021-29134
The avatar middleware in Gitea prior to 1.13.6 allows Directory Traversal via a crafted URL.
Gitea Gitea
5.5
CVSSv2
CVE-2019-1000002
Gitea version 1.6.2 and previous versions contain an Incorrect Access Control vulnerability in Delete/Edit file functionality that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must g...
Gitea Gitea
5
CVSSv2
CVE-2021-45325
Server Side Request Forgery (SSRF) vulnerability exists in Gitea prior to 1.7.0 using the OpenID URL.
Gitea Gitea
6.8
CVSSv2
CVE-2021-45326
Cross Site Request Forgery (CSRF) vulnerability exists in Gitea prior to 1.5.2 via API routes. This can be dangerous, especially with state-altering POST requests.
Gitea Gitea
5.8
CVSSv2
CVE-2021-45328
Gitea prior to 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs.
Gitea Gitea
7.5
CVSSv2
CVE-2021-45331
An Authentication Bypass vulnerability exists in Gitea prior to 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once.
Gitea Gitea
5.5
CVSSv2
CVE-2022-0905
Missing Authorization in GitHub repository go-gitea/gitea before 1.16.4.
Gitea Gitea
5.8
CVSSv2
CVE-2022-1058
Open Redirect on login in GitHub repository go-gitea/gitea before 1.16.5.
Gitea Gitea
NA
CVE-2022-38183
In Gitea prior to 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access t...
Gitea Gitea