PT-2018-14726 · Go · Gitea

Published: 2018-11-04 · Updated: 2024-08-21 · CVE-2018-18926

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: Gitea versions prior to 1.5.4
Description: The issue allows remote code execution due to improper validation of session IDs in the session-handling code of go-macaron/session, the session package used by Macaron.
Recommendations: For versions prior to 1.5.4, update to version 1.5.4 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application to minimize the risk of exploitation.

Fix

RCE

Code Injection

Session Fixation

Weakness Enumeration

Related Identifiers

CVE-2018-18926
GHSA-HF6F-JQ25-8GQ9
GO-2022-0844

Affected Products

Gitea