CVE-2022-27313
Description
An arbitrary file deletion vulnerability in Gitea v1.16.3 allows attackers to cause a Denial of Service (DoS) via deleting the configuration file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Gitea v1.16.3 allows attackers to delete the configuration file via an arbitrary file deletion vulnerability, leading to denial of service.
Vulnerability
An arbitrary file deletion vulnerability exists in Gitea version 1.16.3 [1]. The issue allows an attacker to delete the configuration file (app.ini), causing the instance to become inoperable. The exact code path is not publicly detailed, but the vulnerability is present in the default configuration and does not require any special settings.
Exploitation
An attacker with authenticated access (likely user-level privileges) can exploit the vulnerability to delete the configuration file. The specific steps are not disclosed, but the attack is feasible without administrative rights.
Impact
Successful exploitation leads to the deletion of the Gitea configuration file, resulting in a denial of service (DoS) as the instance fails to start or operate correctly. No data corruption or remote code execution is associated with this CVE.
Mitigation
The vulnerability is fixed in Gitea version 1.16.4, released on March 14, 2022 [2][3]. Users should upgrade to this version or later. No workaround is available for earlier versions.
AI Insight generated on May 21, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| code.gitea.io/gitea (Go) | < 1.16.4 | 1.16.4 |
Affected products
- Gitea/Gitea (description)
- osv-coords (2 versions): >= 1.16.3, < 1.16.4 (+ 1 more)
- (no CPE) range: >= 1.16.3, < 1.16.4
- (no CPE) range: < 1.16.4
Patches
No patches discovered yet.
References
- github.com/advisories/GHSA-g7p7-x6w7-w6qg (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2022-27313 (ghsa, ADVISORY)
- github.com/go-gitea/gitea/pull/19072 (ghsa, x_refsource_MISC, WEB)
- github.com/go-gitea/gitea/releases/tag/v1.16.4 (ghsa, WEB)