PT-2022-6563 · Gitea+1

Zeripath · Published 2019-01-31 · Updated 2024-08-21 · CVE-2021-45325

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Gitea versions prior to 1.7.0

Description: A Server Side Request Forgery (SSRF) vulnerability allows a remote attacker to make the Gitea server issue requests on their behalf by supplying a specially crafted OpenID URL. Because the resulting connection error is shown in the UI, sensitive information about the local network can be leaked.

Recommendations: For versions prior to 1.7.0, update to version 1.7.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the OpenID URL to minimize the risk of exploitation.
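As an added defensive illustration (not Gitea's own code), the check below shows the two mitigations an SSRF of this shape calls for: refuse OpenID URLs whose host resolves to loopback, private or link-local addresses, and return one fixed error so the UI never echoes what an internal host answered. The resolver is injected so the check can be exercised offline; all hostnames are constructed examples.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
)

// ErrDisallowedTarget is the only error surfaced to the UI, so a refused or
// failed probe reveals nothing about which internal host answered.
var ErrDisallowedTarget = errors.New("openid: URL not allowed")

// LookupFunc resolves a hostname to its IPs; injected so the check can be
// exercised offline with constructed answers instead of live DNS.
type LookupFunc func(host string) ([]net.IP, error)

func isInternal(ip net.IP) bool {
	return ip.IsLoopback() || ip.IsPrivate() || ip.IsUnspecified() ||
		ip.IsLinkLocalUnicast() || ip.IsLinkLocalMulticast() || ip.IsMulticast()
}

// ValidateOpenIDURL accepts only http(s) URLs whose host resolves exclusively
// to public addresses. Every resolved IP is checked, so a name that maps to
// one public and one internal address is still refused.
func ValidateOpenIDURL(raw string, lookup LookupFunc) error {
	u, err := url.Parse(raw)
	if err != nil || (u.Scheme != "http" && u.Scheme != "https") || u.Hostname() == "" {
		return ErrDisallowedTarget
	}
	host := u.Hostname()
	ips := []net.IP{}
	if ip := net.ParseIP(host); ip != nil {
		ips = append(ips, ip) // literal address (v4, v6 or v4-mapped v6): no DNS involved
	} else if ips, err = lookup(host); err != nil || len(ips) == 0 {
		return ErrDisallowedTarget
	}
	for _, ip := range ips {
		if isInternal(ip) {
			return ErrDisallowedTarget
		}
	}
	return nil
}

func main() {
	// Stand-alone use with the real resolver; the hostname is a placeholder.
	err := ValidateOpenIDURL("https://openid.example.com/id", net.LookupIP)
	fmt.Println("allowed:", err == nil)
}
```

A check done at validation time does not cover a name whose answer changes between validation and connection; the same address test should also run in the HTTP client's dial hook.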

Fix

SSRF


Weakness Enumeration

Related Identifiers

ALT-PU-2019-1153
BDU:2023-02418
BIT-GITEA-2021-45325
CVE-2021-45325
GHSA-8H8P-X289-VVQR
GO-2022-0308

Affected Products

Alt Linux
Gitea