CVE-2024-6886
Published 2024-08-06
CVE-2024-6886: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gitea Gitea Open Source Git Server allows Stored…
Priority P2 · 73 · CVSS 4.0: 10 (critical)
Exploit · EPSS 40.32% (98.5th percentile)
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Gitea Gitea Open Source Git Server allows Stored XSS. This issue affects Gitea Open Source Git Server: 1.22.0.
Affected (2 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| code.gitea.io | gitea | >= 0 < 1.22.1 | 1.22.1 |
| gitea | gitea_open_source_git_server | — | — |
Detection & IOCs (extracted from sources)

Command (login request):

```http
POST /user/login HTTP/1.1
Content-Type: application/x-www-form-urlencoded

user_name={{username}}&password={{password}}
```

Command (repository creation with the payload in the description field):

```http
POST /repo/create HTTP/1.1
Content-Type: application/x-www-form-urlencoded

repo_name={{randstr}}&description=XSS&_csrf={{csrf_token}}&uid={{uid_name}}
```
- Monitor POST requests to /repo/create containing a `description` parameter with script/XSS payloads (e.g., containing '<' or 'javascript:') from authenticated sessions.
- Monitor POST requests to /$username/$repo_name/settings where the Description field contains HTML/script injection payloads; this is the injection point for the stored XSS.
- Watch for automated harvesting of the CSRF token from responses (regex pattern `name="_csrf" value="([^"]+)"`); a client that extracts this token and immediately reuses it in scripted requests is a sign of exploit tooling targeting this CVE.
- The exploit requires authentication; look for a login POST to /user/login followed immediately by GET /{{username}} and then POST /repo/create: this sequence in logs is characteristic of automated exploitation.
- Vulnerability is strictly limited to Gitea Open Source Git Server version 1.22.0; no other versions are confirmed affected by this CVE.
- Exploitation requires an authenticated attacker with at least repository creation or settings-modification privileges; unauthenticated exploitation is not possible.
- The Gitea Go SDK (client library) is NOT affected; only the Gitea server application itself is vulnerable.
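An added detection check that applies the indicators above to log data; this is example code written for this page, not from any of the sources cited here. It assumes a reverse proxy that logs URL-encoded form bodies in a constructed "epoch ip method path body" shape, and treats a login-to-create sequence inside a 10-second window as scripted (both assumptions).

```python
import re
from urllib.parse import parse_qs

# Constructed sample in an assumed proxy log shape (not Gitea's own log format):
# "<epoch> <client-ip> <method> <path> <url-encoded form body or '-'>"
SAMPLE_LOG = """\
1722900000 203.0.113.9 POST /user/login user_name=alice&password=REDACTED
1722900001 203.0.113.9 GET /alice -
1722900002 203.0.113.9 POST /repo/create repo_name=qa1&description=%3Cscript%3Etest%3C%2Fscript%3E&_csrf=tok&uid=7
1722903600 198.51.100.4 POST /user/login user_name=bob&password=REDACTED
1722903700 198.51.100.4 POST /bob/tools/settings repo_name=tools&description=Helper+scripts
1722903800 198.51.100.4 POST /bob/tools/settings repo_name=tools&description=javascript%3Aalert%281%29
"""

SETTINGS_RE = re.compile(r"^/[^/]+/[^/]+/settings$")  # /$username/$repo_name/settings
SEQ_WINDOW = 10  # seconds from login to /repo/create that we treat as scripted (assumption)

def is_injection_point(method, path):
    """Both places the description field is written: repo creation and repo settings."""
    return method == "POST" and (path == "/repo/create" or bool(SETTINGS_RE.match(path)))

def suspicious_description(body):
    """URL-decode the form body and test the description for the two markers named above."""
    desc = parse_qs(body).get("description", [""])[0].lower()
    return "<" in desc or "javascript:" in desc

def analyse(log_text):
    """Return (kind, client_ip, detail) alerts: 'payload' hits and 'sequence' hits."""
    alerts = []
    sessions = {}  # client-ip -> state of the most recent login seen from that client
    for line in log_text.splitlines():
        ts, ip, method, path, body = line.split(" ", 4)
        ts = int(ts)
        if is_injection_point(method, path) and suspicious_description(body):
            alerts.append(("payload", ip, path))
        if method == "POST" and path == "/user/login":
            user = parse_qs(body).get("user_name", [""])[0]
            sessions[ip] = {"t": ts, "user": user, "steps": []}
            continue
        sess = sessions.get(ip)
        if sess is None or ts - sess["t"] > SEQ_WINDOW:
            continue
        sess["steps"].append((method, path))
        # login -> GET /{username} -> POST /repo/create, back to back within the window
        if sess["steps"] == [("GET", "/" + sess["user"]), ("POST", "/repo/create")]:
            alerts.append(("sequence", ip, sess["user"]))
            sessions.pop(ip)
    return alerts
```

On the constructed sample, the first client trips both the payload and the sequence rule, while the second client trips only the payload rule because its settings edits come long after login.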
CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 4.0 | 10.0 | CRITICAL | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| vendor_redhat | — | 10.0 | CRITICAL | — |
GHSA · 2024-08-06
Gitea Cross-site Scripting Vulnerability
CVE-2024-6886 [CRITICAL] CWE-79
OSV · 2024-08-06
Gitea Cross-site Scripting Vulnerability in code.gitea.io/gitea
CVE-2024-6886
OSV · 2024-08-06
Gitea Cross-site Scripting Vulnerability
CVE-2024-6886 [CRITICAL]
Red Hat · 2024-07-09 · CVSS 10.0
Gitea: Stored XSS due to improper sanitization
CVE-2024-6886 [CRITICAL] CWE-79
A flaw was found in Gitea. This issue may allow cross-site scripting (XSS) due to improper input sanitization, which can allow an attacker to inject a malicious script into web pages viewed by other users. To exploit this flaw, an attacker must be able to create a repository with malicious settings or modify the settings of an existing repository.
Statement: This vulnerability is specific to the Gitea server application, which is not shipped or used by any Red Hat products. While some components may use the Gitea Go SDK, the
No detection rules found.
Exploit-DB · 2024-08-28 · CVSS 10.0
Gitea 1.22.0 - Stored XSS
CVE-2024-6886 [CRITICAL]

```text
# Exploit Title: Stored XSS in Gitea
# Date: 27/08/2024
# Exploit Authors: Catalin Iovita & Alexandru Postolache
# Vendor Homepage: https://github.com/go-gitea/gitea
# Version: 1.22.0
# Tested on: Linux 5.15.0-107, Go 1.23.0
# CVE: CVE-2024-6886
```
## Vulnerability Description
Gitea 1.22.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session.
## Steps to Reproduce
1. Log in to the application.
2. Create a new repository or modify an existing repository by clicking the Settings button from the `$username/$repo_name/settings` endpoint.
3. In the Description field, input the following payload:
XSS
Nuclei · CVSS 10.0
Gitea 1.22.0 - Cross-Site Scripting
CVE-2024-6886 [CRITICAL]
Gitea 1.22.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session.
Template:

```yaml
id: CVE-2024-6886

info:
  name: Gitea 1.22.0 - Cross-Site Scripting
  author: soonghee2
  severity: medium
  description: |
    Gitea 1.22.0 is vulnerable to a Stored Cross-Site Scripting (XSS) vulnerability. This vulnerability allows an attacker to inject malicious scripts that get stored on the server and executed in the context of another user's session.
  impact: |
    Authenticated attackers can inject malicious JavaScript into repository descriptions that executes in the context of other users' sessions when they view the re
```
No writeups or analysis indexed.