Go Gitea

All CVEs

55 total · sorted by risk
  • CVE-2019-1010261 · Jul 18, 2019
    risk 0.00 · cvss · epss 0.01

    Gitea 1.7.0 and earlier is affected by: Cross Site Scripting (XSS). The impact is: Attacker is able to have victim execute arbitrary JS in browser. The component is: go-get URL generation - PR to fix: https://github.com/go-gitea/gitea/pull/5905. The attack vector is: victim must…

  • CVE-2019-1010314 · Jul 11, 2019
    risk 0.00 · cvss · epss 0.01

    Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page.

  • CVE-2019-11576 · Apr 28, 2019
    risk 0.00 · cvss · epss 0.02

    Gitea before 1.8.0 allows 1FA for user accounts that have completed 2FA enrollment. If a user's credentials are known, then an attacker could send them to the API without requiring the 2FA one-time password.

  • CVE-2019-11228 · Apr 13, 2019
    risk 0.00 · cvss · epss 0.01

    repo/setting.go in Gitea before 1.7.6 and 1.8.x before 1.8-RC3 does not validate the form.MirrorAddress before calling SaveAddress.

  • CVE-2019-1000002 · Feb 4, 2019
    risk 0.00 · cvss · epss 0.01

    Gitea version 1.6.2 and earlier contains an Incorrect Access Control vulnerability in Delete/Edit file functionality that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write…

Page 2 of 2