CVE-2022-30781 – Gitea 1.16.6 - Remote Code Execution (RCE)
https://notcve.org/view.php?id=CVE-2022-30781
Gitea before 1.16.7 does not escape the remote address that it passes to git fetch; a remote that git's option parser reads as a flag can lead to remote code execution. Fixed in 1.16.7. • https://www.exploit-db.com/exploits/51009 https://github.com/wuhan005/CVE-2022-30781 http://packetstormsecurity.com/files/168400/Gitea-1.16.6-Remote-Code-Execution.html http://packetstormsecurity.com/files/169928/Gitea-Git-Fetch-Remote-Code-Execution.html https://blog.gitea.io/2022/05/gitea-1.16.7-is-released https://github.com/go-gitea/gitea/pull/19487 https://github.com/go-gitea/gitea/pull/19490 https://tttang.com/archive/1607 • CWE-116: Improper Encoding or Escaping of Output •
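The class of bug behind this entry is argument injection into a git subprocess: if a user-controlled remote is placed straight into git's argv, a value beginning with "-" is parsed as an option rather than as a remote, and git has options (for example --upload-pack=<cmd>) that run a command. The following is an added illustration in Go, not Gitea's own code and not the exact vector described in the references; the function names and the inputs are constructed for the example. It shows the vulnerable shape beside a hardened one that validates the remote and terminates option parsing with "--".

```go
package main

import (
	"errors"
	"fmt"
	"net/url"
	"strings"
)

// ErrUnsafeRemote flags a remote that git's option parser would read as a flag.
var ErrUnsafeRemote = errors.New("remote would be parsed by git as an option")

// BuildFetchArgsUnsafe shows the vulnerable shape (hypothetical, not Gitea's
// code): the caller's remote lands directly in git's argument list, so a
// remote beginning with "-" is taken as an option.
func BuildFetchArgsUnsafe(remote string) []string {
	return []string{"fetch", remote}
}

// ValidateRemote accepts only URL-style remotes with an http(s), ssh or git
// scheme and a host. A leading "-" is rejected outright, before parsing.
func ValidateRemote(remote string) error {
	if strings.HasPrefix(remote, "-") {
		return ErrUnsafeRemote
	}
	u, err := url.Parse(remote)
	if err != nil {
		return fmt.Errorf("remote is not a URL: %w", err)
	}
	switch u.Scheme {
	case "http", "https", "ssh", "git":
	default:
		return fmt.Errorf("unsupported remote scheme %q", u.Scheme)
	}
	if u.Host == "" {
		return errors.New("remote has no host")
	}
	return nil
}

// BuildFetchArgsSafe validates the remote and also places "--" before it, so
// git stops option parsing there and even a value that slipped past validation
// is positional. The resulting slice must be passed as argv (exec.Command),
// never joined into a shell string.
func BuildFetchArgsSafe(remote string) ([]string, error) {
	if err := ValidateRemote(remote); err != nil {
		return nil, err
	}
	return []string{"fetch", "--", remote}, nil
}

func main() {
	// Constructed inputs: an ordinary remote and one that is really a git option.
	for _, r := range []string{"https://example.com/org/repo.git", "--upload-pack=id"} {
		fmt.Printf("unsafe: %q\n", BuildFetchArgsUnsafe(r))
		args, err := BuildFetchArgsSafe(r)
		fmt.Printf("safe:   %q err=%v\n", args, err)
	}
}
```

The "--" is a second line of defence, not a replacement for validation: the allow-list on scheme and host is what keeps out remotes that are well-formed URLs but still undesirable (local file: paths, for instance).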
CVE-2022-1058 – Open Redirect on login in go-gitea/gitea
https://notcve.org/view.php?id=CVE-2022-1058
Open redirect on login in the GitHub repository go-gitea/gitea prior to 1.16.5. • https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48 https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d • CWE-601: URL Redirection to Untrusted Site ('Open Redirect') •
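A login handler that honours a redirect parameter needs to confirm the target stays on its own origin before emitting it in a Location header. The following check is an added example in Go, not Gitea's code and not the fix in the linked commit; the function names and sample inputs are constructed. It rejects the usual escape shapes: absolute URLs, scheme-relative "//host" forms, backslash variants that browsers normalise to "/", and percent-encoded slashes that decode to "//".

```go
package main

import (
	"fmt"
	"net/url"
	"path"
	"strings"
)

// SafeLocalRedirect returns a redirect target that stays on the current
// origin, or false when the input could send the browser elsewhere.
func SafeLocalRedirect(target string) (string, bool) {
	target = strings.TrimSpace(target)
	if target == "" {
		return "", false
	}
	// Browsers treat "\" as "/" in URLs, so "/\evil.example" becomes
	// "//evil.example". Reject backslashes before parsing.
	if strings.ContainsRune(target, '\\') {
		return "", false
	}
	u, err := url.Parse(target)
	if err != nil {
		return "", false
	}
	// Any scheme, host, opaque part or userinfo means an absolute reference
	// ("https://...", "javascript:...", "//evil.example").
	if u.Scheme != "" || u.Host != "" || u.Opaque != "" || u.User != nil {
		return "", false
	}
	// Must be path-absolute, and must not decode to "//..." (e.g. "/%2F%2Fevil"),
	// which would be scheme-relative once written into Location.
	if !strings.HasPrefix(u.Path, "/") || strings.HasPrefix(u.Path, "//") {
		return "", false
	}
	out := path.Clean(u.Path)
	if u.RawQuery != "" {
		out += "?" + u.RawQuery
	}
	return out, true
}

// RedirectAfterLogin picks the post-login location: the validated redirect
// parameter, or the fallback when validation fails.
func RedirectAfterLogin(redirectTo, fallback string) string {
	if loc, ok := SafeLocalRedirect(redirectTo); ok {
		return loc
	}
	return fallback
}

func main() {
	// Constructed inputs a login form might receive in its redirect parameter.
	for _, in := range []string{"/user/settings?tab=ssh", "//evil.example/", "https://evil.example/", "/\\evil.example", "javascript:alert(1)", "/%2F%2Fevil.example"} {
		fmt.Printf("%-28q -> %q\n", in, RedirectAfterLogin(in, "/"))
	}
}
```

The fragment is dropped and the path is cleaned, so the value emitted is a canonical same-origin path plus query; anything that fails falls back to a fixed location rather than being passed through.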
CVE-2021-29134
https://notcve.org/view.php?id=CVE-2021-29134
The avatar middleware in Gitea before 1.13.6 allows directory traversal via a crafted URL. • https://github.com/go-gitea/gitea/pull/15125/files https://github.com/go-gitea/gitea/releases/tag/v1.13.6 • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
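When a handler maps a name taken from the URL onto a file under a fixed directory, joining and cleaning the path is not enough: filepath.Join(root, "../../etc/passwd") is a perfectly valid path above root. The containment check below is an added example in Go, not Gitea's avatar middleware and not the change in the linked pull request; the function names and the sample root are constructed. The name is expected to have been URL-decoded already, and the check is lexical (symlinks inside root are not resolved here).

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot is returned when the resolved path leaves the avatar directory.
var ErrOutsideRoot = errors.New("path escapes the avatar directory")

// AvatarPath resolves a client-supplied avatar name to a file under root,
// refusing anything that would resolve outside it or to root itself.
func AvatarPath(root, name string) (string, error) {
	if name == "" || strings.ContainsRune(name, 0) {
		return "", errors.New("empty or NUL-containing name")
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	// Join cleans "..", "." and repeated separators, but does not confine the
	// result to absRoot; Rel tells us whether it climbed out.
	full := filepath.Join(absRoot, name)
	rel, err := filepath.Rel(absRoot, full)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	if rel == "." {
		return "", errors.New("name resolves to the directory itself")
	}
	return full, nil
}

func main() {
	// Constructed root and request names; nothing is read from disk.
	root := "/srv/gitea/avatars"
	for _, n := range []string{"abc.png", "../../etc/passwd", "sub/../../x", "..png", "."} {
		p, err := AvatarPath(root, n)
		fmt.Printf("%-20q -> %q err=%v\n", n, p, err)
	}
}
```

Note that a file literally named "..png" is accepted, because the check is on path segments ("../"), not on the two-character prefix; a prefix test alone would wrongly reject such names and would not catch "sub/../../x".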
CVE-2022-0905 – Missing Authorization in go-gitea/gitea
https://notcve.org/view.php?id=CVE-2022-0905
Missing authorization in the GitHub repository go-gitea/gitea prior to 1.16.4. • https://github.com/go-gitea/gitea/commit/1314f38b59748397b3429fb9bc9f9d6bac85d2f2 https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb • CWE-862: Missing Authorization •
CVE-2021-45330
https://notcve.org/view.php?id=CVE-2021-45330
An issue exists in Gitea through 1.15.7 that could let a malicious user gain privileges: the client-side cookie is not deleted and the session remains valid on the server side, so it can be reused. • https://github.com/go-gitea/gitea/issues/4336 • CWE-459: Incomplete Cleanup •