CVE-2022-1928 – Cross-site Scripting (XSS) - Stored in go-gitea/gitea
https://notcve.org/view.php?id=CVE-2022-1928
Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9. Una vulnerabilidad de tipo Cross-site Scripting (XSS) - Almacenado en el repositorio de GitHub go-gitea/gitea versiones anteriores a 1.16.9 • https://github.com/go-gitea/gitea/commit/65e0688a5c9dacad50e71024b7529fdf0e3c2e9c https://huntr.dev/bounties/6336ec42-5c4d-4f61-ae38-2bb539f433d2 https://security.gentoo.org/glsa/202210-14 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2022-30781 – Gitea 1.16.6 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2022-30781
Gitea before 1.16.7 does not escape git fetch remote. Gitea versiones anteriores a 1.16.7, no escapa de git fetch remote • https://www.exploit-db.com/exploits/51009 https://github.com/wuhan005/CVE-2022-30781 http://packetstormsecurity.com/files/168400/Gitea-1.16.6-Remote-Code-Execution.html http://packetstormsecurity.com/files/169928/Gitea-Git-Fetch-Remote-Code-Execution.html https://blog.gitea.io/2022/05/gitea-1.16.7-is-released https://github.com/go-gitea/gitea/pull/19487 https://github.com/go-gitea/gitea/pull/19490 https://tttang.com/archive/1607 • CWE-116: Improper Encoding or Escaping of Output •
CVE-2022-27313
https://notcve.org/view.php?id=CVE-2022-27313
An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file. Una vulnerabilidad de eliminación de archivos arbitrarios en Gitea versión v1.16.3, permite a atacantes causar una denegación de servicio (DoS) por medio de la eliminación del archivo de configuración • https://github.com/go-gitea/gitea/pull/19072 •
CVE-2022-1058 – Open Redirect on login in go-gitea/gitea
https://notcve.org/view.php?id=CVE-2022-1058
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5. Un Redireccionamiento Abierto en el inicio de sesión en el repositorio de GitHub go-gitea/gitea versiones anteriores a 1.16.5 • https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48 https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
CVE-2021-29134
https://notcve.org/view.php?id=CVE-2021-29134
The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL. El middleware de avatar en Gitea versiones anteriores a 1.13.6, permite un Salto de Directorio por medio de una URL diseñada • https://github.com/go-gitea/gitea/pull/15125/files https://github.com/go-gitea/gitea/releases/tag/v1.13.6 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •