Persistent Session Vulnerability in Gitea through 1.15.7

Persistent Session Vulnerability in Gitea through 1.15.7

CVE-2021-45330 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

An issue exsits in Gitea through 1.15.7, which could let a malicious user gain privileges due to client side cookies not being deleted and the session remains valid on the server side for reuse.

Learn more about our Cis Benchmark Audit For Server Software.