CVE-2023-3515
Published: 2023-07-05
CVE-2023-3515: Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4.
Priority: P4 · 17 · medium · 4.4 · CVSS 3.1
AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N
EPSS: 0.41% (32.5th percentile)
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| code.gitea.io | gitea | >= 0 < 1.19.4 | 1.19.4 |
| gitea | gitea | < 1.19.4 | 1.19.4 |
| go-gitea | go-gitea_gitea | >= unspecified < 1.19.4 | 1.19.4 |
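CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 4.4 | MEDIUM | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N |
| nvd | v3.0 | 3.0 | LOW | CVSS:3.0/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N |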
OSV
code.gitea.io/gitea Open Redirect vulnerability
osv·2024-08-20
CVE-2023-3515 code.gitea.io/gitea Open Redirect vulnerability
OSV
code.gitea.io/gitea Open Redirect vulnerability
osv·2023-07-05
CVE-2023-3515 [LOW] code.gitea.io/gitea Open Redirect vulnerability
Open Redirect in GitHub repository go-gitea/gitea prior to 1.19.4. This is most likely a post-auth redirect, and it is a POST-based request scenario, so it is less likely that it can be exploited or chained with other bugs that can cause phishing or credential theft.
GHSA
code.gitea.io/gitea Open Redirect vulnerability
ghsa·2023-07-05
CVE-2023-3515 [LOW] CWE-601 code.gitea.io/gitea Open Redirect vulnerability
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/go-gitea/gitea/commit/9aaaf980f0ba15611f30568bd67bce3ec12954e2
https://huntr.dev/bounties/e335cd18-bc4d-4585-adb7-426c817ed053
https://security.gentoo.org/glsa/202312-13
Published: 2023-07-05