CVE-2022-0905
HIGH7.1EPSS 0.31%Gitea Missing Authorization vulnerability in code.gitea.io/gitea
Published: 3/11/2022Modified: 3/3/2026
Description
Gitea Missing Authorization vulnerability in code.gitea.io/gitea
Affected packages (3)
- Bitnami/giteafrom 0, < 1.16.4
- Go/code.gitea.io/giteafrom 0, < 1.16.4
- Go/code.gitea.io/giteafrom 0, < 1.16.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH7.1 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N |
References (6)
- ADVISORYhttps://github.com/advisories/GHSA-jr9c-h74f-2v28
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2022-0905
- PATCHhttps://github.com/go-gitea/gitea
- WEBhttps://github.com/go-gitea/gitea/commit/1314f38b59748397b3429fb9bc9f9d6bac85d2f2
- WEBhttps://github.com/go-gitea/gitea/commit/3e5c844a7758fa29126d201f4f98bf21bca6d314
- WEBhttps://huntr.dev/bounties/8d221f92-b2b1-4878-bc31-66ff272e5ceb