Lucene search

GoogleOSV:GHSA-CF6V-9J57-V6R6

HistoryJul 05, 2023 - 3:30 p.m.

code.gitea.io/gitea Open Redirect vulnerability

2023-07-0515:30:25

Google

osv.dev

open redirect

github repository

gitea

software

vulnerability

post-auth redirect

post based request

phishing

credential theft

exploit

bug

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

7.2 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

25.1%

JSON

Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4. This is most likely a post-auth redirect plus it is a POST based request scenario, so less likely that can be exploited or chained with other bugs that can cause phishing or credential theft.

CPENameOperatorVersion
code.gitea.io/gitealt1.19.4

CPE	Name	Operator	Version
	code.gitea.io/gitea	lt	1.19.4

References

github.com/go-gitea/gitea

github.com/go-gitea/gitea/commit/9aaaf980f0ba15611f30568bd67bce3ec12954e2

huntr.dev/bounties/e335cd18-bc4d-4585-adb7-426c817ed053

nvd.nist.gov/vuln/detail/CVE-2023-3515

security.gentoo.org/glsa/202312-13