CVE-2021-45325
MEDIUM5.3EPSS 0.30%Gitea displaying raw OpenID error in UI
發布日:2022/2/9修改日:2024/8/21
描述
Gitea is a project to help users set up a self-hosted Git service. Server Side Request Forgery (SSRF) vulnerability exists in Gitea before 1.7.0 using the OpenID URL. Gitea can leak sensitive information about the local network through the error provided by the UI.
受影響套件(3)
- Bitnami/giteafrom 0, < 1.7.0
- Go/github.com/go-gitea/giteafrom 0, < 1.7.0
- Go/github.com/go-gitea/giteafrom 0, < 1.7.0
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.3 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
參考連結(8)
- ADVISORYhttps://github.com/advisories/GHSA-8h8p-x289-vvqr
- ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2021-45325
- PATCHhttps://github.com/go-gitea/gitea
- WEBhttps://blog.gitea.io/2019/01/gitea-1.7.0-is-released
- WEBhttps://blog.gitea.io/2019/01/gitea-1.7.0-is-released/
- WEBhttps://github.com/go-gitea/gitea/issues/4973
- WEBhttps://github.com/go-gitea/gitea/pull/5705
- WEBhttps://github.com/go-gitea/gitea/pull/5712