CVE-2021-45326 – github.com/go-gitea/gitea
Package
Manager: go
Name: github.com/go-gitea/gitea
Vulnerable Version: >=0 <1.5.2
Severity
Level: High
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:P/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
EPSS: 0.00214 (percentile: 0.43937)
Details
Cross Site Request Forgery in Gitea
A Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes. This can be dangerous, especially with state-altering POST requests.
Metadata
Created: 2022-02-09T00:00:29Z
Modified: 2023-09-15T20:20:04Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/02/GHSA-4wp3-8q92-mh8w/GHSA-4wp3-8q92-mh8w.json
CWE IDs: ["CWE-352"]
Alternative ID: GHSA-4wp3-8q92-mh8w
Finding: F007
Auto approve: 1