CVE-2022-30781 – Gitea 1.16.6 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2022-30781
Gitea before 1.16.7 does not escape git fetch remote. • https://www.exploit-db.com/exploits/51009 https://github.com/wuhan005/CVE-2022-30781 http://packetstormsecurity.com/files/168400/Gitea-1.16.6-Remote-Code-Execution.html http://packetstormsecurity.com/files/169928/Gitea-Git-Fetch-Remote-Code-Execution.html https://blog.gitea.io/2022/05/gitea-1.16.7-is-released https://github.com/go-gitea/gitea/pull/19487 https://github.com/go-gitea/gitea/pull/19490 https://tttang.com/archive/1607 • CWE-116: Improper Encoding or Escaping of Output
CVE-2022-27313
https://notcve.org/view.php?id=CVE-2022-27313
An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file. • https://github.com/go-gitea/gitea/pull/19072
CVE-2022-1058 – Open Redirect on login in go-gitea/gitea
https://notcve.org/view.php?id=CVE-2022-1058
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5. • https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48 https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d • CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2022-0905 – Missing Authorization in go-gitea/gitea
https://notcve.org/view.php?id=CVE-2022-0905
Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4. • https://github.com/go-gitea/gitea/commit/1314f38b59748397b3429fb9bc9f9d6bac85d2f2 https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb • CWE-862: Missing Authorization