CVE-2018-15192Server-Side Request Forgery in Gitea

CWE-918Server-Side Request Forgery4 documents3 sources
Severity
8.6HIGHNVD
EPSS
0.3%
top 48.83%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Code.gitea.io GiteaGogs.io GogsGitea+1 more
Timeline
PublishedAug 8
Latest updateAug 20

Description

An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages4 packages

NVDgitea/gitea< 1.5.0+1
Gogogs.io/gogs< 0.12.0
Gocode.gitea.io/gitea< 1.16.0-rc1
NVDgogs/gogs0.11.53

🔴Vulnerability Details

3
OSV
Gogs and Gitea SSRF Vulnerability in code.gitea.io/gitea2024-08-20
OSV
Gogs and Gitea SSRF Vulnerability2022-05-14
GHSA
Gogs and Gitea SSRF Vulnerability2022-05-14