FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gitea -- Open Redirect on login

Affected packages
gitea < 1.16.5

Details

VuXML ID 83466f76-aefe-11ec-b4b6-d05099c0c059
Discovery 2022-03-23
Entry 2022-03-29

Andrew Thornton reports:

When a location containing backslashes is presented, the existing protections against open redirect are bypassed, because browsers will convert adjacent forward and backslashes within the location to double forward slashes.
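The bypass described in the report, next to a check that closes it, as an added example: this is not Gitea's code or its patch, and the function names `naiveIsLocal` and `hardenedIsLocal`, the sample locations and `example.com` are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// naiveIsLocal is a constructed "before" check (hypothetical, not Gitea's code):
// it accepts any location starting with "/" and rejects only a literal "//".
func naiveIsLocal(location string) bool {
	return strings.HasPrefix(location, "/") && !strings.HasPrefix(location, "//")
}

// hardenedIsLocal (hypothetical) first rewrites "\" to "/", the same
// conversion the report says browsers apply, and only then validates.
func hardenedIsLocal(location string) bool {
	normalised := strings.ReplaceAll(location, "\\", "/")
	// Must be a path on this site: one leading slash, never two.
	if !strings.HasPrefix(normalised, "/") || strings.HasPrefix(normalised, "//") {
		return false
	}
	// Second layer: after parsing there must be no scheme and no host.
	u, err := url.Parse(normalised)
	if err != nil {
		return false
	}
	return u.Scheme == "" && u.Host == ""
}

func main() {
	// Constructed sample redirect targets.
	samples := []string{
		"/explore/repos",      // ordinary local path
		"//example.com",       // protocol-relative, caught by both checks
		"/\\example.com",      // slash + backslash: passes the naive check
		"\\/example.com",      // backslash + slash
		"https://example.com", // absolute URL
	}
	for _, s := range samples {
		fmt.Printf("%-22q naive=%-5v hardened=%v\n", s, naiveIsLocal(s), hardenedIsLocal(s))
	}
}
```
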

References

CVE Name CVE-2022-1058
URL https://huntr.dev/bounties/4fb42144-ac70-4f76-a5e1-ef6b5e55dc0d/