Missing Authorization in go-gitea/gitea
CVE-2022-0905

6.5MEDIUM

Key Information:

Vendor

Go-gitea

Status
Go-gitea/gitea
Vendor
CVE Published:
10 March 2022

What is CVE-2022-0905?

Missing Authorization in GitHub repository go-gitea/gitea prior to 1.16.4.

Affected Version(s)

go-gitea/gitea < 1.16.4

References

https://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff27...
https://github.com/go-gitea/gitea/commit/1314f38b59748397...

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
Low
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.
CVE-2022-0905 : Missing Authorization in go-gitea/gitea