Product:

Gitea

(Gitea)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 33
Date Id Summary Products Score Patch Annotated
2022-05-29 CVE-2022-1928 Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9. Gitea 5.4
2022-02-09 CVE-2021-45330 An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse. Gitea 9.8
2022-05-03 CVE-2022-27313 An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file. Gitea 7.5
2022-03-24 CVE-2022-1058 Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5. Gitea 6.1
2022-03-15 CVE-2021-29134 The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL. Gitea 5.3
2022-02-09 CVE-2021-45331 An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once. Gitea 9.8
2022-02-08 CVE-2021-45325 Server Side Request Forgery (SSRF) vulneraility exists in Gitea before 1.7.0 using the OpenID URL. Gitea 7.5
2022-02-08 CVE-2021-45326 Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes.This can be dangerous especially with state altering POST requests. Gitea 8.8
2022-02-08 CVE-2021-45328 Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs. Gitea 6.1
2022-02-08 CVE-2021-45329 Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field. Gitea 6.1