CNNVD-202601-033 Information

CNNVD ID

CNNVD-202601-033

Related CVE

CVE-2025-69413

• CNNVD Published: 2026-01-01

Description (Chinese)

Gitea是Gitea社区的一个基于Go开发的轻量型git服务。 Gitea 1.25.2之前版本存在安全漏洞，该漏洞源于/api/v1/user接口对失败身份验证的响应因用户名是否存在而异，可能导致用户名枚举。

Description (English)

Gitea is a light-size git service developed by Go in the Gitea community. There was a security loophole in the preGitea 1.25.2 version, which originated in the response of the /api/v1/user interface to failed authentication, depending on the existence of the user name, which could lead to the listing of the user.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Gitea

Published

2026-01-01

Last Modified

2026-02-24

References

https://blog.gitea.com/release-of-1.25.2/ https://github.com/go-gitea/gitea/issues/35984 https://github.com/go-gitea/gitea/pull/36002 https://github.com/go-gitea/gitea/releases/tag/v1.25.2

Patch

https://github.com/go-gitea/gitea/releases