CVE-2018-18926 (NVD)

2018-11-04

Gitea before 1.5.4 allows remote code execution because it does not properly validate session IDs. This is related to session ID handling in the go-macaron/session code for Macaron.

Products: Gitea
Type: Session Fixation (CWE-384)
First patch: None (likely due to unavailable code)
Links: https://github.com/go-gitea/gitea/issues/5140