CVE-2021-45325
Published 2022-02-08
CVE-2021-45325: Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 using the OpenID URL.
Priority: P3 · 38 · high · 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:H / I:N / A:N
EPSS: 1.04% (59.7th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gitea | gitea | < 1.7.0 | 1.7.0 |
| github.com | go-gitea_gitea | >= 0 < 1.7.0 | 1.7.0 |
CVSS provenance
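| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 7.5 | HIGH | |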
OSV
Gitea displaying raw OpenID error in UI in github.com/go-gitea/gitea
osv·2024-08-21
CVE-2021-45325 Gitea displaying raw OpenID error in UI in github.com/go-gitea/gitea
OSV
Gitea displaying raw OpenID error in UI
osv·2022-02-09
CVE-2021-45325 [MEDIUM] Gitea displaying raw OpenID error in UI
Gitea is a project to help users set up a self-hosted Git service. Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 using the OpenID URL. Gitea can leak sensitive information about the local network through the error provided by the UI.
GHSA
Gitea displaying raw OpenID error in UI
ghsa·2022-02-09
CVE-2021-45325 [MEDIUM] CWE-918 Gitea displaying raw OpenID error in UI
Gitea is a project to help users set up a self-hosted Git service. Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 using the OpenID URL. Gitea can leak sensitive information about the local network through the error provided by the UI.
OSV
CVE-2021-45325: Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1
osv·2022-02-08·CVSS 7.5
CVE-2021-45325 [HIGH] CVE-2021-45325: Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1
Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 using the OpenID URL.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2022-02-08