CVE-2021-45327

Critical

Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API.…

mitre·CWE-294·Published 2022-02-08

CVSS

9.8

EPSS

0.02

KEV

Exploits

cve.orgen

201 chars

Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. which could let a remote malisious user execute arbitrary code.

NVDen

201 chars

OSV.deven

46 chars

Capture-replay in Gitea in code.gitea.io/gitea

GHSAen

272 chars

Gitea is a project to help users set up a self-hosted Git service. Gitea before 1.11.2 is affected by Trusting HTTP Permission Methods on the Server Side when referencing the vulnerable admin or user API. This could allow a remote malicious user to execute arbitrary code.

NVDes

272 chars

Gitea versiones anteriores a 1.11.2, está afectado por los Métodos de Permiso HTTP Confiables en el Lado del Servidor cuando hace referencia a la API de administración o de usuario vulnerable, lo que podría permitir a un usuario remoto malicioso ejecutar código arbitrario

CVSS metrics across sources

Version	Type	Source	Base	Exp	Impact	Vector
2.0	Primary	NVD	7.5	10.0	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P
3.1	Primary	NVD	9.8	3.9	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H