In Gitea through 1.17.1, repo cloning can occur in the migration function.
CVSS Score
6.5
EPSS Score
0.003
Published
2023-08-07
Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4.
CVSS Score
3.0
EPSS Score
0.001
Published
2023-07-05
Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-10-16
In Gitea before 1.16.9, it was possible for users to add existing issues to projects. Due to improper access controls, an attacker could assign any issue to any project in Gitea (there was no permission check for fetching the issue). As a result, the attacker would get access to private issue titles.
CVSS Score
6.5
EPSS Score
0.002
Published
2022-08-12
Cross-site Scripting (XSS) - Stored in GitHub repository go-gitea/gitea prior to 1.16.9.
CVSS Score
4.4
EPSS Score
0.001
Published
2022-05-29
Gitea before 1.16.7 does not escape git fetch remote.
CVSS Score
7.5
EPSS Score
0.862
Published
2022-05-16
Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.
CVSS Score
7.2
EPSS Score
0.088
Published
2022-03-24
The avatar middleware in Gitea before 1.13.6 allows Directory Traversal via a crafted URL.
CVSS Score
5.3
EPSS Score
0.004
Published
2022-03-15
Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4.
CVSS Score
6.5
EPSS Score
0.003
Published
2022-03-10
An Authentication Bypass vulnerability exists in Gitea before 1.5.0, which could let a malicious user gain privileges. If captured, the TOTP code for the 2FA can be submitted correctly more than once.
CVSS Score
9.8
EPSS Score
0.002
Published
2022-02-09
Page 1