CVE-2022-0905
published 2022-03-10CVE-2022-0905: Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4.
PriorityP335high7.1CVSS 3.1
AVNACLPRLUINSUCHILAN
EPSS
0.83%
53.1th percentile
Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| code.gitea.io | gitea | >= 0 < 1.16.4 | 1.16.4 |
| gitea | gitea | < 1.16.4 | 1.16.4 |
| go-gitea | go-gitea_gitea | >= unspecified < 1.16.4 | 1.16.4 |
CVSS provenance
nvdv3.17.1HIGHCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N
nvdv3.06.5MEDIUMCVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N
nvdv2.05.5MEDIUMAV:N/AC:L/Au:S/C:P/I:P/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Gitea Missing Authorization vulnerability in code.gitea.io/gitea
osv·2024-08-21
CVE-2022-0905 Gitea Missing Authorization vulnerability in code.gitea.io/gitea
Gitea Missing Authorization vulnerability in code.gitea.io/gitea
Gitea Missing Authorization vulnerability in code.gitea.io/gitea
GHSA
Gitea Missing Authorization vulnerability
ghsa·2022-03-11
CVE-2022-0905 [HIGH] CWE-862 Gitea Missing Authorization vulnerability
Gitea Missing Authorization vulnerability
Gitea 1.16.3 and prior is vulnerable to missing authorization. A patch is available as part of the 1.16.4 release.
OSV
Gitea Missing Authorization vulnerability
osv·2022-03-11
CVE-2022-0905 [HIGH] Gitea Missing Authorization vulnerability
Gitea Missing Authorization vulnerability
Gitea 1.16.3 and prior is vulnerable to missing authorization. A patch is available as part of the 1.16.4 release.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-03-10
Published