Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2022-1058: Open Redirect in Gitea

CWE-601 Open Redirect | 7 documents | 5 sources
Severity: 6.1 MEDIUM (NVD)
EPSS: 7.3% (top 8.29%)
CISA KEV: Not in KEV
Exploit: PoC available (public exploit / PoC exists)
Timeline: Published Mar 24; latest update Jun 4

Description

Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploitability: 2.8 | Impact: 2.7

Affected Packages (3 packages)

NVD: gitea/gitea < 1.16.5
Go: code.gitea.io/gitea < 1.16.5
CVEListV5: go-gitea/go-gitea_gitea unspecified 1.16.5

Patches

🔴 Vulnerability Details (3)

OSV: Gitea Open Redirect in code.gitea.io/gitea (2024-06-04)
GHSA: Gitea Open Redirect (2022-03-25)
OSV: Gitea Open Redirect (2022-03-25)

💥 Exploits & PoCs (3)

Exploit-DB: ChurchCRM 4.4.5 - SQLi (2022-06-14)
Nuclei: Gitea <1.16.5 - Open Redirect
Nuclei: PyLoad 0.5.0 - Pre-auth Remote Code Execution (RCE)