CVE-2018-15192
- Source
- https://cve.org/CVERecord?id=CVE-2018-15192
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-15192.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2018-15192
- Aliases
- Published
- 2018-08-08T02:29:00.273Z
- Modified
- 2026-04-10T04:06:11.316921Z
- Severity
-
- 8.6 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services.
- References
Affected packages
Git / github.com/go-gitea/gitea
Affected ranges
- Type
- GIT
- Repo
- https://github.com/go-gitea/gitea
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affectedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "0" }, { "fixed": "1.5.0" }, { "introduced": "0" }, { "last_affected": "1.5.0-rc1" }, { "introduced": "0" }, { "last_affected": "1.5.0-rc2" } ] }
Affected versions
v0.*
v0.10
v0.10.18
v0.10.8
v0.10rc
v0.11
v0.11.19
v0.11.29
v0.11.33
v0.11.34
v0.11.4
v0.11.43
v0.11.53
v0.11rc
v0.2.0
v0.3.0
v0.3.1
v0.4.0
v0.4.1
v0.4.2
v0.5.0
v0.5.11
v0.5.13
v0.5.2
v0.5.5
v0.5.8
v0.5.9
v0.6.1
v0.6.15
v0.6.3
v0.6.9
v0.7.0
v0.7.19
v0.7.22
v0.7.33
v0.7.6
v0.8.0
v0.8.10
v0.8.25
v0.8.43
v0.9.0
v0.9.113
v0.9.128
v0.9.13
v0.9.141
v0.9.46
v0.9.48
v0.9.60
v0.9.71
v0.9.97
v0.9.99
v1.*
v1.0.0
v1.1.0
v1.5.0-dev
v1.5.0-rc1
v1.5.0-rc2