18 matches found
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via the release notification process. An attacker can receive unauthorized information about private repository releases by maintaining a watch on a repository that was changed from public to private, even after...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization via the web interface when canceling scheduled auto-merges. An attacker can terminate auto-merges scheduled by other users by leveraging read access to pull requests. Remediation Upgrade...
CVE-2019-11228
repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress...
Information Exposure
Overview Affected versions of this package are vulnerable to Information Exposure via the /api/v1/user endpoint returning different responses for failed authentication attempts depending on whether a username exists. An attacker can enumerate valid usernames by analyzing the variations in...
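The oracle described above, as an added example (not Gitea's own code): a login handler that answers "no such user" and "wrong password" differently beside one that returns the same status and body for every failure, plus a probe that reports whether failed logins alone let a client tell the two cases apart. The user table, the /api/v1/user route and the handler names are constructed for the example.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed user table standing in for the real user store (assumption).
// A production store holds password hashes, not plaintext.
var users = map[string]string{"alice": "correct horse battery staple"}

// leakyAuth separates "user does not exist" from "wrong password" by both
// status code and body, which is exactly the enumeration oracle.
func leakyAuth(w http.ResponseWriter, r *http.Request) {
	user, pass, ok := r.BasicAuth()
	if !ok {
		w.WriteHeader(http.StatusUnauthorized)
		w.Write([]byte("authentication required"))
		return
	}
	stored, exists := users[user]
	if !exists {
		w.WriteHeader(http.StatusNotFound) // distinguishable status ...
		w.Write([]byte("user does not exist")) // ... and body
		return
	}
	if stored != pass {
		w.WriteHeader(http.StatusUnauthorized)
		w.Write([]byte("wrong password"))
		return
	}
	w.Write([]byte(`{"login":"` + user + `"}`))
}

// uniformAuth collapses every failure into one status and one body, so a
// failed request carries no information about whether the name exists.
func uniformAuth(w http.ResponseWriter, r *http.Request) {
	user, pass, ok := r.BasicAuth()
	stored, exists := users[user]
	if !ok || !exists || subtle.ConstantTimeCompare([]byte(stored), []byte(pass)) != 1 {
		w.WriteHeader(http.StatusUnauthorized)
		w.Write([]byte("authentication failed"))
		return
	}
	w.Write([]byte(`{"login":"` + user + `"}`))
}

// probe performs one deliberately failed login for name and returns what
// the handler sent back.
func probe(h http.HandlerFunc, name string) (int, string) {
	req := httptest.NewRequest("GET", "/api/v1/user", nil)
	req.SetBasicAuth(name, "definitely-wrong-password")
	rr := httptest.NewRecorder()
	h(rr, req)
	return rr.Code, rr.Body.String()
}

// Distinguishable reports whether failed logins for an existing and a
// non-existent user produce different responses, i.e. whether the handler
// can be used to enumerate usernames.
func Distinguishable(h http.HandlerFunc) bool {
	codeKnown, bodyKnown := probe(h, "alice")    // present in the table
	codeUnknown, bodyUnknown := probe(h, "nobody") // absent from the table
	return codeKnown != codeUnknown || bodyKnown != bodyUnknown
}

func main() {
	fmt.Println("leaky handler enumerable:  ", Distinguishable(leakyAuth))   // true
	fmt.Println("uniform handler enumerable:", Distinguishable(uniformAuth)) // false
}
```

The same comparison is what you would run against a live instance during a pentest: two failed logins, one for a known account and one for a random name, diffed on status, body and, for a thorough check, response time.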
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization in the propagation of token scope for access control within Gitea's package registry. An attacker can gain unauthorized access or perform actions beyond their intended permissions by exploiting improper enforceme...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization due to mishandling access control to private resources. An attacker can gain unauthorized access to private resources by using an API token that is restricted to public resources. Remediation Upgrade...
EUVD-2023-2029
Malicious code in bioql PyPI...
EUVD-2024-1294
Malicious code in bioql PyPI...
CVE-2022-30781
Gitea before 1.16.7 does not escape git fetch remote...
Gitea Git Fetch Remote Code Execution
This module exploits the Git fetch command in the Gitea repository migration process, which leads to remote command execution on the system. This vulnerability affects Gitea before version 1.16.7. Module Options msf > use exploit/multi/http/gitea_git_fetch_rce msf exploit(gitea_git_fetch_rce) > show targets...
Gitea < 1.15.7 Cookies Vulnerability
Gitea is prone to a cookie reuse vulnerability. Copyright (C) 2022 Greenbone Networks GmbH. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
CVE-2021-45328
Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site 'Open Redirect' via internal URLs...
Gitea Deadlock Vulnerability
Gitea is an open source community-driven clone of Gogs, a lightweight code hosting solution with a backend written in Go under the MIT license. A deadlock vulnerability exists in Gitea 1.11.5 and earlier versions. An attacker can exploit this vulnerability to cause a deadlock by initiating a...
UBUNTU-CVE-2019-1010261
Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have the victim execute arbitrary JS in the browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must open a specifically...
Improper access control
Gitea version 1.6.2 and earlier contains an Incorrect Access Control vulnerability in Delete/Edit file functionality that can result in the attacker deleting files outside the repository they have access to. This attack appears to be exploitable via: the attacker must get write access to "any"...
CVE-2019-1000002
Gitea version 1.6.2 and earlier contains an Incorrect Access Control vulnerability in Delete/Edit file functionality that can result in the attacker deleting files outside the repository they have access to. This attack appears to be exploitable via: the attacker must get write access to "any"...
CVE-2018-1000803
Gitea versions prior to 1.5.1 contain a CWE-200 vulnerability that can result in exposure of users' private email addresses. This attack appears to be exploitable via watching a repository to receive email notifications. Emails received contain the other recipients even if they have the email...
PT-2018-12939 · Gogs +1
Name of the Vulnerable Software and Affected Versions: Gitea versions through 1.5.0-rc2; Gogs versions through 0.11.53. Description: A Server-Side Request Forgery (SSRF) issue in webhooks affects Gitea and Gogs, allowing remote attackers to access intranet services. Recommendations: For Gitea version...