Remote Code Execution Vulnerability in Gitea Versions
CVE-2019-11229

8.8HIGH

Key Information:

Vendor: Gitea
Status: Gitea
Vendor: CVE Published:; 15 April 2019

🔔 Create Gitea Vulnerability Alert

What is CVE-2019-11229?

A flaw in the models/repo_mirror.go file of Gitea allows improper handling of mirror repository URL settings. This misconfiguration can be exploited by attackers to execute arbitrary code remotely, posing significant risks to system integrity. Users of versions prior to 1.7.6 and 1.8.x before 1.8-RC3 should prioritize upgrading to address this vulnerability and safeguard their systems.

References

https://github.com/go-gitea/gitea/releases/tag/v1.8.0-rc3

x_refsource_MISC

https://github.com/go-gitea/gitea/releases/tag/v1.7.6

x_refsource_MISC

http://packetstormsecurity.com/files/160833/Gitea-1.7.5-R...

x_refsource_MISC

EPSS Score

30% chance of being exploited in the next 30 days.

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 15, 2019
Vulnerability Reserved
Apr 13, 2019

.

CVE-2019-11229 : Remote Code Execution Vulnerability in Gitea Versions