Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
gitea gitea vulnerabilities and exploits
(subscribe to this query)
5
CVSSv2
CVE-2019-11228
repo/setting.go in Gitea prior to 1.7.6 and 1.8.x prior to 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress.
Gitea Gitea 1.8.0
Gitea Gitea
6.5
CVSSv2
CVE-2019-11229
models/repo_mirror.go in Gitea prior to 1.7.6 and 1.8.x prior to 1.8-RC3 mishandles mirror repo URL settings, leading to remote code execution.
Gitea Gitea 1.8.0
Gitea Gitea
4.3
CVSSv2
CVE-2019-1010314
Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected r...
Gitea Gitea 1.7.3
Gitea Gitea 1.7.2
5
CVSSv2
CVE-2018-15192
An SSRF vulnerability in webhooks in Gitea up to and including 1.5.0-rc2 and Gogs up to and including 0.11.53 allows remote malicious users to access intranet services.
Gogs Gogs
Gitea Gitea 1.5.0
Gitea Gitea
5
CVSSv2
CVE-2020-13246
An issue exists in Gitea up to and including 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another.
Gitea Gitea
5
CVSSv2
CVE-2022-30781
Gitea prior to 1.16.7 does not escape git fetch remote.
Gitea Gitea
2 Github repositories
7.5
CVSSv2
CVE-2018-18926
Gitea prior to 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron.
Gitea Gitea
NA
CVE-2023-3515
Open Redirect in GitHub repository go-gitea/gitea before 1.19.4.
Gitea Gitea
7.5
CVSSv2
CVE-2019-11576
Gitea prior to 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password.
Gitea Gitea
5
CVSSv2
CVE-2019-10330
Jenkins Gitea Plugin 1.1.1 and previous versions did not implement trusted revisions, allowing attackers without commit access to the Git repo to change Jenkinsfiles even if Jenkins is configured to consider them to be untrusted.
Gitea Gitea
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-36954
CVE-2024-36933
CVE-2024-24919
CVE-2024-36923
CVE-2024-2961
CVE-2024-36925
bypass
encryption
command injection
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
3
4
NEXT »