Incomplete Cleanup

CVE-2021-45330

High

9.8/10

Summary

An issue exists in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: HIGH
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: HIGH
Availability Impact: HIGH

CWE-459 - Incomplete Cleanup

The software does not properly "clean up" and remove temporary or supporting resources after they have been used.

References

Advisory
Issue
Pull request

Advisory Timeline

Published Feb 09, 2022

Incomplete Cleanup

CVE-2021-45330

Summary

CWE-459 - Incomplete Cleanup

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS