First published: Tue Feb 08 2022
A Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes. This can be dangerous, especially with state-altering POST requests.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Gitea Gitea | <1.5.2 | |
CVE-2021-45326 is a Cross Site Request Forgery (CSRF) vulnerability that exists in Gitea before version 1.5.2 via API routes.
CVE-2021-45326 allows an attacker to perform unauthorized actions on behalf of a user by tricking them into clicking a specially crafted link or visiting a specially crafted website.
CVE-2021-45326 has a severity rating of 8.8 (high).
To fix CVE-2021-45326, you should upgrade Gitea to version 1.5.2 or later, as this version includes a fix for the vulnerability.
You can find more information about CVE-2021-45326 on the National Vulnerability Database (NVD) website and the GitHub links provided.
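The class of server-side guard that closes CSRF on API routes, shown as an added Go example (not Gitea's actual patch and not part of the original advisory): state-changing requests that authenticate through the browser's session cookie must echo a CSRF token in a custom header. The cookie names, header name and route path are assumptions made for this sketch.

```go
package main

import (
	"crypto/subtle"
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Assumed names for this sketch; they are not taken from Gitea's source.
const sessionCookie, csrfCookie, csrfHeader = "session_id", "_csrf", "X-Csrf-Token"

// requireCSRF guards API routes with a double-submit cookie check.
func requireCSRF(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		safe := r.Method == http.MethodGet || r.Method == http.MethodHead || r.Method == http.MethodOptions
		// A cross-site form cannot add an Authorization header; leave those to the credential check.
		explicit := r.Header.Get("Authorization") != ""
		_, errSess := r.Cookie(sessionCookie)
		if !safe && !explicit && errSess == nil {
			// State-changing call riding on the ambient session cookie: require the echoed token.
			c, err := r.Cookie(csrfCookie)
			sent := r.Header.Get(csrfHeader)
			if err != nil || sent == "" || subtle.ConstantTimeCompare([]byte(c.Value), []byte(sent)) != 1 {
				http.Error(w, "CSRF token missing or invalid", http.StatusForbidden)
				return
			}
		}
		next.ServeHTTP(w, r)
	})
}

// status sends one constructed request through the guard and returns the HTTP code.
func status(method, authz, token string, cookies map[string]string) int {
	h := requireCSRF(http.HandlerFunc(func(http.ResponseWriter, *http.Request) {})) // stand-in API handler, replies 200
	req := httptest.NewRequest(method, "/api/v1/example", nil)
	req.Header.Set("Authorization", authz)
	req.Header.Set(csrfHeader, token)
	for name, value := range cookies {
		req.AddCookie(&http.Cookie{Name: name, Value: value})
	}
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(status("POST", "", "", map[string]string{sessionCookie: "s1", csrfCookie: "tok123"}))
}
```

The guard only decides whether a request may proceed to authentication; validating the session or the Authorization credential itself remains the job of the handler chain behind it.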