What is CVE-2021-45326?

CVE-2021-45326 is a high-severity software vulnerability (Cross-site request forgery (CSRF)) with a CVSS score of 8.8. Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes.This can be dangerous especially with state altering POST requests.

Is CVE-2021-45326 being actively exploited?

It is not currently in CISA's KEV catalog. Its EPSS exploitation probability is 1%.

What products does CVE-2021-45326 affect?

Tracked products affected include Gitea. Check the version you run to see whether it is affected.

How do I fix CVE-2021-45326?

Apply the vendor fix promptly. An official patch or advisory is available. Upgrade affected products to a fixed version.

← All products

CVE-2021-45326

HIGH severity · CVSS 8.8 · Cross-site request forgery (CSRF)

8.8CVSS HIGH

Summary

Cross Site Request Forgery (CSRF) vulnerability exists in Gitea before 1.5.2 via API routes.This can be dangerous especially with state altering POST requests.

Impact & exploitability

Attack vectorNetwork

Attack complexityLow

Privileges requiredNone

User interactionRequired

Confidentiality impactHigh

Integrity impactHigh

Availability impactHigh

Exploit probability (EPSS)1%

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products we track (1)

Gitea

Recommendation

Apply the vendor fix promptly. Open any affected product above for its exact safe version.

Official patch: https://github.com/go-gitea/gitea/pull/4840 ↗

Additional information

NVD record
https://github.com/go-gitea/gitea/pull/4840Patch
https://blog.gitea.io/2018/10/gitea-1.5.2-is-released/Advisory
https://github.com/go-gitea/gitea/issues/4838Advisory