
CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

In Gitea through 1.17.1, repo cloning can occur in the migration function.

References:
https://blog.gitea.com/release-of-1.17.2
https://github.com/go-gitea/gitea/pull/20869
https://github.com/go-gitea/gitea/pull/20892

CVSS: 4.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4.

References:
https://github.com/go-gitea/gitea/commit/9aaaf980f0ba15611f30568bd67bce3ec12954e2
https://huntr.dev/bounties/e335cd18-bc4d-4585-adb7-426c817ed053
https://security.gentoo.org/glsa/202312-13

CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 9.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.

References:
https://github.com/go-gitea/gitea/pull/21463
https://github.com/go-gitea/gitea/releases/tag/v1.17.3
https://security.gentoo.org/glsa/202210-14

CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles.

References:
https://blog.gitea.io/2022/07/gitea-1.16.9-is-released
https://herolab.usd.de/security-advisories/usd-2022-0015
https://security.gentoo.org/glsa/202210-14

CWE-862: Missing Authorization

CVSS: 5.4 | EPSS: 0% | CPEs: 1 | EXPL: 1

Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9.

References:
https://github.com/go-gitea/gitea/commit/65e0688a5c9dacad50e71024b7529fdf0e3c2e9c
https://huntr.dev/bounties/6336ec42-5c4d-4f61-ae38-2bb539f433d2
https://security.gentoo.org/glsa/202210-14

CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')