CVE-2022-1058
published 2022-03-24

CVE-2022-1058: Open Redirect on login in GitHub repository go-gitea/gitea prior to 1.16.5.

Priority: P3 (53)
CVSS 3.1: 6.1 (medium), vector AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Exploit: available
EPSS: 53.18% (98.8th percentile)

Affected

3 ranges

Vendor          Product          Version range              Fixed in
code.gitea.io   gitea            >= 0, < 1.16.5             1.16.5
gitea           gitea            < 1.16.5                   1.16.5
go-gitea        go-gitea_gitea   >= unspecified, < 1.16.5   1.16.5

Detection & IOCs (extracted from sources)

cookie: redirect_to=//interact.sh
url: /user/login
command: POST /user/login HTTP/1.1 Content-Type: application/x-www-form-urlencoded Cookie: redirect_to=//interact.sh _csrf={{csrf}}&user_name={{username}}&password={{url_encode(password)}}
hash: e3d8e92bdc67562783de9a76b5b7842b68daeb48
  • Exploit sends a POST to /user/login with the `redirect_to` cookie set to a protocol-relative URL (e.g. //attacker.com). A successful exploitation results in an HTTP 302 response whose Location header echoes back the attacker-controlled value.
  • Detection: look for HTTP 302 responses to POST /user/login where the Location header contains a protocol-relative URL (starts with //) pointing to an external host.
  • Shodan/FOFA fingerprinting for exposed Gitea instances: search for title:"Gitea" or body containing "powered by gitea version".
  • The vulnerability exists in Gitea versions prior to 1.16.5 only. Instances running 1.16.5 or later are not affected.
  • Doc 3 (CVE-2023-0297 / PyLoad) is unrelated to CVE-2022-1058 and was excluded from this analysis; its inclusion in the source set appears to be erroneous cross-referencing.
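As an added example (not Gitea's own code and not the fix shipped in 1.16.5), the following Python shows a redirect-target check of the kind that closes this class of open redirect, together with the detection rule from the bullets above applied to constructed sample responses; function names and sample records are assumptions for illustration only.

```python
from urllib.parse import urlsplit

def is_safe_local_redirect(target: str) -> bool:
    """Accept only same-site, path-relative targets (e.g. /user/settings).

    Rejects the protocol-relative form (//host) seen in CVE-2022-1058, any
    scheme-prefixed URL, and backslash variants that browsers normalise to '/'.
    """
    if not target:
        return False
    normalised = target.replace("\\", "/")
    if not normalised.startswith("/") or normalised.startswith("//"):
        return False
    parts = urlsplit(normalised)
    return parts.scheme == "" and parts.netloc == ""

def is_suspicious_login_redirect(method: str, path: str, status: int, location: str) -> bool:
    """Detection rule: POST /user/login answered with a 302 whose Location
    is not a safe local path (off-site or protocol-relative)."""
    return (
        method == "POST"
        and path == "/user/login"
        and status == 302
        and bool(location)
        and not is_safe_local_redirect(location)
    )

# Constructed sample responses (method, path, status, Location); not real traffic.
SAMPLE_RESPONSES = [
    ("POST", "/user/login", 302, "/"),
    ("POST", "/user/login", 302, "//interact.sh"),
    ("POST", "/user/login", 302, "/\\interact.sh"),
    ("POST", "/user/login", 302, "https://example.org/"),
    ("GET", "/user/login", 200, ""),
]

def flag_suspicious(records):
    """Return the records that match the detection rule."""
    return [r for r in records if is_suspicious_login_redirect(*r)]

if __name__ == "__main__":
    for rec in flag_suspicious(SAMPLE_RESPONSES):
        print("suspicious login redirect:", rec)
```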

CVSS provenance

Source   Version   Score   Severity   Vector
NVD      v3.1      6.1     MEDIUM     CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
NVD      v3.0      7.2     HIGH       CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N
NVD      v2.0      5.8     MEDIUM     AV:N/AC:M/Au:N/C:P/I:P/A:N