CVE-2021-45325: Server-Side Request Forgery in Go-gitea Gitea

Severity: 7.5 HIGH (NVD)
EPSS: 0.3% (top 46.48%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Feb 8; Latest update Aug 21

Description

A Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 using the OpenID URL.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitability: 3.9 | Impact: 3.6

Affected Packages (2 packages)

NVD: gitea/gitea < 1.7.0

Patches

Vulnerability Details (4)

OSV: Gitea displaying raw OpenID error in UI in github.com/go-gitea/gitea (2024-08-21)
OSV: Gitea displaying raw OpenID error in UI (2022-02-09)
GHSA: Gitea displaying raw OpenID error in UI (2022-02-09)
OSV: CVE-2021-45325: Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1 (2022-02-08)