CVE-2021-45325 – github.com/go-gitea/gitea
Package
Manager: go
Name: github.com/go-gitea/gitea
Vulnerable Version: >=0 <1.7.0
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00302 (percentile: 0.52956)
Details
Gitea displaying raw OpenID error in UI
Gitea is a project to help users set up a self-hosted Git service. A Server-Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 through the OpenID URL. Gitea can leak sensitive information about the local network through the error message shown in the UI.
Metadata
Created: 2022-02-09T00:00:29Z
Modified: 2022-02-14T21:42:51Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-8h8p-x289-vvqr/GHSA-8h8p-x289-vvqr.json
CWE IDs: ["CWE-918"]
Alternative ID: GHSA-8h8p-x289-vvqr
Finding: F100
Auto approve: 1