CVE-2021-45328
Published 2022-02-08
CVE-2021-45328: Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs.
Priority P4 · 31 · medium · 6.1 CVSS 3.1
AV:N / AC:L / PR:N / UI:R / S:C / C:L / I:L / A:N
EXPLOIT
EPSS: 0.95% (56.7th percentile)
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| gitea | gitea | < 1.4.3 | 1.4.3 |
| github.com | go-gitea_gitea | >= 0 < 1.4.3 | 1.4.3 |
CVSS provenance
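| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 6.1 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N |
| nvd | v2.0 | 5.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:N |
| osv | | 6.1 | MEDIUM | |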
OSV
Open redirect in Gitea in github.com/go-gitea/gitea
osv·2024-08-21
CVE-2021-45328 Open redirect in Gitea in github.com/go-gitea/gitea
GHSA
Open redirect in Gitea
ghsa·2022-02-09
CVE-2021-45328 [MEDIUM] CWE-601 Open redirect in Gitea
Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs.
OSV
Open redirect in Gitea
osv·2022-02-09
CVE-2021-45328 [MEDIUM] Open redirect in Gitea
Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs.
OSV
CVE-2021-45328: Gitea before 1
osv·2022-02-08·CVSS 6.1
CVE-2021-45328 [MEDIUM] CVE-2021-45328: Gitea before 1
Gitea before 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs.
No detection rules found.
Nuclei
Gitea < 1.4.3 - Open Redirect
nuclei·CVSS 6.1
CVE-2021-45328 [MEDIUM] Gitea < 1.4.3 - Open Redirect
Gitea before version 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs. The vulnerability exists in the redirect_to parameter used on the login page (/user/login). Due to improper validation of the redirect URL, an attacker can craft a malicious link that redirects authenticated users to an arbitrary external website after login.
Template:
```yaml
id: CVE-2021-45328

info:
  name: Gitea < 1.4.3 - Open Redirect
  author: ritikchaddha
  severity: medium
  description: |
    Gitea before version 1.4.3 is affected by URL Redirection to Untrusted Site ('Open Redirect') via internal URLs. The vulnerability exists in the redirect_to parameter used on the login page (/user/login). Due to improper validation of the redirect URL, an attacker can
```
No writeups or analysis indexed.
2022-02-08
Published