Server-Side Request Forgery Vulnerability in Gitea by Gitea
CVE-2021-45327

9.8CRITICAL

Key Information:

Vendor

Gitea

Status
Gitea
Vendor
CVE Published:
8 February 2022

What is CVE-2021-45327?

Gitea versions before 1.11.2 are vulnerable to a flaw that allows remote attackers to exploit trusting HTTP permission methods on the server side. This vulnerability affects the admin and user API, potentially enabling an attacker to execute arbitrary code remotely. As a result, unauthorized access to sensitive operations could be achieved, compromising the integrity of the system and its data.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://blog.gitea.io/2020/03/gitea-1.11.2-is-released/
x_refsource_MISC
https://github.com/go-gitea/gitea/pull/10462
x_refsource_MISC
https://github.com/go-gitea/gitea/pull/10465
x_refsource_MISC

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.