Lucene search

K

Veracode Vulnerability DatabaseVERACODE:41217

HistoryJul 12, 2023 - 6:47 a.m.

Open Redirect

2023-07-1206:47:00

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

12

vulnerability

open redirect

redirecttofirst

crafted post request

malicious site

github.com/go-gitea/gitea

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.1%

github.com/go-gitea/gitea is vulnerable to Open Redirect. The vulnerability exists due to improper path sanitization in the RedirectToFirst function, which allows an attacker to pass a crafted POST request, redirecting the victim to a malicious site.

CPENameOperatorVersion
github.com/go-gitea/giteaeqv1.20.0-rc0
github.com/go-gitea/gitealev1.19.3
github.com/go-gitea/giteaeqv1.20.0-rc0
github.com/go-gitea/gitealev1.19.3

References

github.com/advisories/GHSA-cf6v-9j57-v6r6

github.com/go-gitea/gitea/commit/7679f4d51a637ae47880e09dbb185651cb7163c7

github.com/go-gitea/gitea/commit/9aaaf980f0ba15611f30568bd67bce3ec12954e2

github.com/go-gitea/gitea/commit/a9030052a7b92bdfa1a6be0cdb540050a16ba31e

github.com/go-gitea/gitea/pull/25143

huntr.dev/bounties/e335cd18-bc4d-4585-adb7-426c817ed053

huntr.dev/bounties/e335cd18-bc4d-4585-adb7-426c817ed053/

security.gentoo.org/glsa/202312-13

4.4 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N

0.001 Low

EPSS

Percentile

25.1%

Related for VERACODE:41217

nessus1 nvd1 gentoo1 osv3 cvelist1 gitlab1 cve1 prion1 github1 cnvd1 huntr1