Open Redirect Vulnerability in Gitea
CVE-2021-45328

6.1MEDIUM

Key Information:

Vendor

Gitea

Status
Gitea
Vendor
CVE Published:
8 February 2022

What is CVE-2021-45328?

Gitea, a popular self-hosted Git service, experiences a vulnerability allowing URL redirection to untrusted sites. This occurs in versions prior to 1.4.3, where users may be tricked into clicking on malicious links that redirect them to unintended and potentially harmful external sites, creating a risk for phishing attacks and data leakage.

References

https://blog.gitea.io/2018/06/release-of-1.4.3/
x_refsource_MISC
https://github.com/go-gitea/gitea/issues/4332
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2021-45328 : Open Redirect Vulnerability in Gitea