CVE-2021-45326

HIGH 8.8 | EPSS 0.15%

Cross Site Request Forgery in Gitea

Published: 2/9/2022 | Modified: 8/21/2024
Also known as: GHSA-4wp3-8q92-mh8w, BIT-gitea-2021-45326, GO-2022-0309

Description

A Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes. This can be dangerous, especially with state-altering POST requests.

Affected packages (3)

CVSS scores

Source | Version | Severity | Vector
osv | CVSS 3.1 | HIGH 8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

References (7)