gitea gitea vulnerabilities and exploits
5
CVSSv2
CVE-2019-10330
Jenkins Gitea Plugin 1.1.1 and previous versions did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.
Gitea Gitea
5
CVSSv2
CVE-2019-11228
repo/setting.go in Gitea prior to 1.7.6 and 1.8.x prior to 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress.
Gitea Gitea 1.8.0
Gitea Gitea
5
CVSSv2
CVE-2018-1000803
Gitea versions prior to 1.5.1 contain a CWE-200 vulnerability that can result in exposure of users' private email addresses. This attack appears to be exploitable by watching a repository to receive email notifications. Emails received contain the other recipients even if the...
Gitea Gitea
5
CVSSv2
CVE-2018-15192
An SSRF vulnerability in webhooks in Gitea up to and including 1.5.0-rc2 and Gogs up to and including 0.11.53 allows remote malicious users to access intranet services.
Gogs Gogs
Gitea Gitea 1.5.0
Gitea Gitea
4.3
CVSSv2
CVE-2021-45329
Cross Site Scripting (XSS) vulnerability exists in Gitea prior to 1.5.1 via the repository settings inside the external wiki/issue tracker URL field.
Gitea Gitea
4.3
CVSSv2
CVE-2019-1010261
Gitea 1.7.0 and previous versions are affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: vi...
Gitea Gitea
4.3
CVSSv2
CVE-2019-1010314
Gitea 1.7.2 and 1.7.3 are affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected r...
Gitea Gitea 1.7.3
Gitea Gitea 1.7.2
3.5
CVSSv2
CVE-2022-1928
Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea before 1.16.9.
Gitea Gitea
3.5
CVSSv2
CVE-2021-28378
Gitea 1.12.x and 1.13.x prior to 1.13.4 allows XSS via certain issue data in some situations.
Gitea Gitea
1 Github repository
NA
CVE-2022-38795
In Gitea up to and including 1.17.1, repo cloning can occur in the migration function.
Gitea Gitea