Remote Code Execution Vulnerability in Gitea by Gitea Team
CVE-2018-18926

9.8CRITICAL

Key Information:

Vendor: Gitea
Status: Gitea
Vendor: CVE Published:; 4 November 2018

What is CVE-2018-18926?

A vulnerability exists in Gitea prior to version 1.5.4 that can be exploited to execute arbitrary code remotely. The flaw arises from the failure to adequately validate session IDs, specifically tied to the session ID management implemented in the go-macaron/session codebase. Attackers could exploit this oversight, potentially compromising the security of the Gitea environment. It is crucial for users to upgrade to the latest version to mitigate this risk.

References

https://github.com/go-gitea/gitea/issues/5140

x_refsource_MISC

EPSS Score

7% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 4, 2018
Vulnerability Reserved
Nov 4, 2018

JSON