CVE-2021-45330
Published 2022-02-09
Priority: P3 · 48 · critical · 9.8 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 1.42% (69.6th percentile)
An issue exists in Gitea through 1.15.7, which could let a malicious user gain privileges due to client-side cookies not being deleted and the session remaining valid on the server side for reuse.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| code.gitea.io | gitea | >= 0 < 1.6.0 | 1.6.0 |
| gitea | gitea | <= 1.15.7 | — |
CVSS provenance
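| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |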
OSV
Improper Privilege Management in Gitea in code.gitea.io/gitea
osv·2024-08-21
CVE-2021-45330 Improper Privilege Management in Gitea in code.gitea.io/gitea
OSV
Improper Privilege Management in Gitea
osv·2022-02-10
CVE-2021-45330 [CRITICAL] Improper Privilege Management in Gitea
GHSA
Improper Privilege Management in Gitea
ghsa·2022-02-10
CVE-2021-45330 [CRITICAL] CWE-269 Improper Privilege Management in Gitea
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-02-09
Published