Lucene search

GitHub Advisory DatabaseGHSA-CF6V-9J57-V6R6

HistoryJul 05, 2023 - 3:30 p.m.

code.gitea.io/gitea Open Redirect vulnerability

2023-07-0515:30:25

CWE-601

GitHub Advisory Database

github.com

open redirect

github repository

gitea

post-auth

post based request

phishing

credential theft

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.1%

JSON

Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4. This is most likely a post-auth redirect plus it is a POST based request scenario, so less likely that can be exploited or chained with other bugs that can cause phishing or credential theft.

Affected configurations

Vulners

Node

code.gitea.iogiteaRange<1.19.4

CPENameOperatorVersion
code.gitea.io/gitealt1.19.4

CPE	Name	Operator	Version
	code.gitea.io/gitea	lt	1.19.4

References

github.com/advisories/GHSA-cf6v-9j57-v6r6

github.com/go-gitea/gitea/commit/9aaaf980f0ba15611f30568bd67bce3ec12954e2

huntr.dev/bounties/e335cd18-bc4d-4585-adb7-426c817ed053

nvd.nist.gov/vuln/detail/CVE-2023-3515

security.gentoo.org/glsa/202312-13