
CVE-2021-45329: Cross-site Scripting in Gitea

CVSS Score (CVSS v3.1): 6.1

Basic Information

EPSS Score: 0.70321%
Published: 2/10/2022
Updated: 2/3/2023
KEV Status: No
Technology: Go

Technical Details

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Package Name: github.com/go-gitea/gitea
Ecosystem: go
Vulnerable Versions: < 1.5.1
First Patched Version: 1.5.1

Vulnerability Intelligence

Miggo AI Root Cause Analysis

The XSS vulnerability stemmed from improper validation of user-supplied URLs in repository settings. The PR #4710 added enhanced URL validation (blocking localhost and dangerous schemes), indicating the UpdateRepoPost handler in routers/repo/setting.go processed these URLs without adequate validation. The validation.IsValidURL function in older versions lacked proper scheme whitelisting, allowing XSS payloads via javascript: URIs. These functions directly handled the vulnerable input field processing and validation.
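To make the root cause concrete, the following Go snippet contrasts a parse-only URL check with a validator that enforces a scheme allowlist and rejects loopback hosts, which is the class of check the analysis above describes. This is an added illustration written for this page, not Gitea's code from PR #4710 or its validation.IsValidURL function; the function names NaiveIsValidURL and ValidateExternalURL and the sample URLs are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
	"strings"
)

// allowedSchemes is the allowlist for user-supplied external wiki / issue
// tracker URLs. Anything else (javascript:, data:, ftp:, ...) is rejected.
var allowedSchemes = map[string]bool{"http": true, "https": true}

// NaiveIsValidURL only checks that the input parses as a URL. This is the
// weak pattern the analysis describes (illustrative, not Gitea's code):
// "javascript:alert(1)" parses as a URL with scheme "javascript" and an
// opaque part, so it passes and later lands in an href attribute.
func NaiveIsValidURL(raw string) bool {
	_, err := url.Parse(raw)
	return err == nil
}

// ValidateExternalURL parses the input, requires an allowlisted scheme and a
// non-empty host, and rejects localhost / loopback addresses. It returns a
// descriptive error so callers can surface the reason in the settings form.
func ValidateExternalURL(raw string) error {
	u, err := url.Parse(strings.TrimSpace(raw))
	if err != nil {
		return fmt.Errorf("unparseable URL: %w", err)
	}
	// url.Parse lowercases the scheme, but be explicit for readers.
	scheme := strings.ToLower(u.Scheme)
	if !allowedSchemes[scheme] {
		return fmt.Errorf("scheme %q is not allowed (want http or https)", scheme)
	}
	host := u.Hostname()
	if host == "" {
		return errors.New("URL has no host")
	}
	if strings.EqualFold(host, "localhost") {
		return errors.New("localhost is not allowed")
	}
	if ip := net.ParseIP(host); ip != nil && ip.IsLoopback() {
		return fmt.Errorf("loopback address %s is not allowed", ip)
	}
	return nil
}

// IsValidExternalURL is the boolean form of ValidateExternalURL.
func IsValidExternalURL(raw string) bool {
	return ValidateExternalURL(raw) == nil
}

func main() {
	// Constructed sample inputs for a repository's external tracker field.
	samples := []string{
		"https://tracker.example.com/issues/",
		"javascript:alert(1)",
		"data:text/html,x",
		"http://localhost/wiki",
		"http://127.0.0.1/wiki",
		"ftp://files.example.com/",
	}
	for _, s := range samples {
		fmt.Printf("%-40s naive=%-5v strict=%v\n", s, NaiveIsValidURL(s), ValidateExternalURL(s))
	}
}
```

The scheme allowlist, rather than a denylist of known-bad schemes, is the point: a denylist that forgets one scheme (or a case variant) reopens the same hole, while an allowlist fails closed.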

Vulnerable functions

Only Miggo users can see this section

WAF Protection Rules

WAF Rule

Cross Site Scripting (XSS) vulnerability exists in Gitea before 1.5.1 via the repository settings inside the external wiki/issue tracker URL field.

Reasoning

The XSS vulnerability stemmed from improper `validation` of user-supplied URLs in repository settings. The PR #4710 added enhanced URL `validation` (blocking localhost and dangerous schemes), indicating the `UpdateRepoPost` handler in `routers/repo/s