Arbitrary File Deletion Vulnerability in Gitea by Gitea Team
CVE-2022-27313

7.5HIGH

Key Information:

Vendor: Gitea
Status: Gitea
Vendor: CVE Published:; 3 May 2022

What is CVE-2022-27313?

An arbitrary file deletion vulnerability exists in Gitea versions prior to v1.16.4, allowing attackers to delete critical configuration files. This can lead to Denial of Service (DoS) conditions, effectively disrupting the application's functionality and accessibility. Remediation involves upgrading to the latest version to mitigate associated risks.

References

https://github.com/go-gitea/gitea/pull/19072

x_refsource_MISC

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 3, 2022
Vulnerability Reserved
Mar 21, 2022

JSON