Base Score

CRITICAL9.8

CVE-2021-45330

An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse.

VectorNETWORK

Published Bycve@mitre.org

Published DateFeb 09, 2022, 18:15

Affected Versions(1)

code.gitea.io/gitea(Go)

Introduced0

Fixed1.6.0

LimitN/A

Package (Ecosystem)	Introduced	Fixed	Limit
code.gitea.io/gitea(Go)	0	1.6.0	N/A

Weakness Type (CWE):CWE-459

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH

References

https://github.com/go-gitea/gitea/issues/4336

Base Score

CRITICAL9.8

Weakness Type (CWE):CWE-459

CVSS Metrics

Base Score

9.8

Vector String

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Base Severity

CRITICAL

Version

3.1

Attack Vector (AV)

NETWORK

Attack Complexity (AC)

LOW

Privileges Required (PR)

NONE

User Interaction (UI)

NONE

Scope (S)

UNCHANGED

Confidentiality (C)

HIGH

Integrity (I)

HIGH

Availability (A)

HIGH