Techknowlogick

#11393of 53,608
24.1Total CVSS
Vulnerabilities · 3
Medium
1
High
1
Critical
1
PT-2022-6562
9.0
2022-02-08
Gitea · Gitea · CVE-2021-45326
**Name of the Vulnerable Software and Affected Versions** Gitea versions prior to 1.5.2 **Description** The issue is related to a Cross Site Request Forgery (CSRF) vulnerability in the Gitea Git repository management system interface. This vulnerability can be exploited by a remote attacker to perform a CSRF attack by sending specially crafted POST requests, potentially altering the state of the system. The vulnerability is particularly dangerous with state-altering POST requests. **Recommendations** For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider restricting access to API routes to minimize the risk of exploitation. Avoid using state-altering POST requests in the affected API routes until the issue is resolved.
PT-2019-12388
9.8
2019-04-26
Gitea · Gitea · CVE-2019-11576
**Name of the Vulnerable Software and Affected Versions** Gitea versions prior to 1.8.0 **Description** The issue allows for 1-factor authentication (1FA) for user accounts that have completed 2-factor authentication (2FA) enrollment. If a user's credentials are known, an attacker could send them to the API without requiring the 2FA one-time password. This could potentially lead to unauthorized access. **Recommendations** For versions prior to 1.8.0, update to version 1.8.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the API or requiring additional authentication measures until the update can be applied.
PT-2018-9528
5.3
2018-10-08
Gitea · Gitea · CVE-2018-1000803
**Name of the Vulnerable Software and Affected Versions** Gitea versions prior to 1.5.1 **Description** The issue results in the exposure of users' private email addresses. This can be exploited by watching a repository to receive email notifications, which contain the other recipients even if they have their email set as private. **Recommendations** For versions prior to 1.5.1, update to version 1.5.1 or later to resolve the issue. As a temporary workaround, consider avoiding watching repositories to minimize the risk of exposing private email addresses. Restrict access to email notifications to minimize the risk of exploitation.