First published: Thu Jul 11 2019
Gitea 1.7.2 and 1.7.3 are affected by Cross Site Scripting (XSS). The impact is execution of JavaScript in the victim's browser when the vulnerable repo page is loaded. The affected component is the repository's description. The attack vector is that the victim must navigate to a public and affected repo page.
Credit: josh@bress.net
Affected Software | Affected Version | How to fix |
---|---|---|
Gitea Gitea | =1.7.2 | |
Gitea Gitea | =1.7.3 | |
go/code.gitea.io/gitea | >=1.7.2, <1.7.4 | 1.7.4 |
The vulnerability ID is CVE-2019-1010314.
The title of the vulnerability is 'Gitea 1.7.2 1.7.3 is affected by: Cross Site Scripting (XSS).'
The impact is to execute JavaScript in the victim's browser when the vulnerable repository page is loaded.
The affected component is the repository's description.
The attack vector is that the victim must navigate to a public and affected repository page.
Gitea versions 1.7.2 and 1.7.3 are affected.
The severity of CVE-2019-1010314 is medium with a CVSS score of 6.1.
To fix the vulnerability, you should upgrade Gitea to a version that is not affected, such as a version after 1.7.3.
You can find more information about the vulnerability on the GitHub page for Gitea releases.
The CWE category of the vulnerability is CWE-79 (Cross-Site Scripting).