
CVE-2019-1010314: Gitea XSS Vulnerability in Repository Description

CVSS Score (v3.0): 6.1

Basic Information

EPSS Score: 0.49477%
Published: 5/24/2022
Updated: 4/24/2024
KEV Status: No
Technology: Go

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Package Name: code.gitea.io/gitea
Ecosystem: go
Vulnerable Versions: >= 1.7.2, < 1.7.4
First Patched Version: 1.7.4

Vulnerability Intelligence
Root Cause Analysis (Miggo AI)

The vulnerability stemmed from improper HTML sanitization of repository descriptions. The commit diff shows that the vulnerable version passed the description to descPattern.ReplaceAllStringFunc with a sanitize function that wrapped matched URLs in anchor tags but did not handle all XSS vectors in the surrounding text. The patch replaced this with markup.RenderDescriptionHTML, which performs proper link processing and additional sanitization. The key vulnerable function was DescriptionHTML in models/repo.go, which rendered the description before the fix introduced proper security processing.
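To make the root-cause point concrete, here is an added Go example that is not Gitea's code and not Miggo's analysis output. It places the risky "linkify the raw string" shape described above next to an escape-then-linkify rendering. The names urlPattern, unsafeDescriptionHTML, safeDescriptionHTML and containsRawTag are hypothetical, the regexp is a constructed stand-in rather than Gitea's descPattern, and the sample description is constructed.

```go
package main

import (
	"fmt"
	"html"
	"regexp"
	"strings"
)

// urlPattern is a constructed stand-in for Gitea's descPattern: it matches
// http(s) URLs in a repository description. It is not Gitea's own regexp.
var urlPattern = regexp.MustCompile(`https?://[^\s<>"']+`)

// anchorPattern matches only the anchors this file itself emits, so that
// containsRawTag can strip them and look for anything else that survived.
var anchorPattern = regexp.MustCompile(`<a href="[^"]*">[^<]*</a>`)

// unsafeDescriptionHTML has the risky shape the advisory describes: the raw
// description goes straight into ReplaceAllStringFunc and only the matched
// URLs are touched. Everything between matches, including any tags the
// description author typed, is emitted verbatim into the page.
func unsafeDescriptionHTML(desc string) string {
	return urlPattern.ReplaceAllStringFunc(desc, func(u string) string {
		return fmt.Sprintf(`<a href="%s">%s</a>`, u, u)
	})
}

// safeDescriptionHTML escapes the whole description first, so that nothing
// outside a URL match can carry markup, and only then linkifies URLs. The
// matched text is already escaped (html.EscapeString rewrites <, >, &, ' and
// "), so it cannot break out of the href attribute or the anchor body.
func safeDescriptionHTML(desc string) string {
	escaped := html.EscapeString(desc)
	return urlPattern.ReplaceAllStringFunc(escaped, func(u string) string {
		return fmt.Sprintf(`<a href="%s">%s</a>`, u, u)
	})
}

// containsRawTag reports whether rendered output still contains a '<' that
// did not come from our own anchor markup: a quick defensive check to run
// over rendered descriptions when reviewing a renderer like this one.
func containsRawTag(rendered string) bool {
	stripped := anchorPattern.ReplaceAllString(rendered, "")
	return strings.Contains(stripped, "<")
}

func main() {
	// Constructed sample description: a tag plus a link, as an author might type.
	desc := `<script>alert(1)</script> docs: https://example.com/docs`
	fmt.Println("unsafe:", unsafeDescriptionHTML(desc))
	fmt.Println("safe:  ", safeDescriptionHTML(desc))
}
```

The design choice worth noting is the order of operations: escaping after linkifying would also destroy the generated anchors, while escaping before linkifying leaves URL matches free of raw quotes and angle brackets, so the same regexp can be applied to the escaped text without reopening the injection. A real renderer such as the markup.RenderDescriptionHTML path the advisory mentions does more than this (link post-processing and a sanitizer pass), which this example does not attempt to reproduce.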


WAF Protection Rules

WAF Rule

Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to p
