CNNVD-202601-3459 Information

CNNVD ID

CNNVD-202601-3459

CVE-2026-20912

  • CNNVD Published: 2026-01-22

Description

Gitea is a lightweight Git service written in Go and maintained by the Gitea community. Gitea contains a security vulnerability caused by a failure to properly validate repository ownership when linking attachments to releases. As a result, an attachment uploaded to a private repository could be linked to a release in a different, public repository and thereby become accessible to unauthorized users.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Gitea

Published

2026-01-22

Last Modified

2026-02-24

References

  • https://blog.gitea.com/release-of-1.25.4/
  • https://github.com/go-gitea/gitea/pull/36320
  • https://github.com/go-gitea/gitea/pull/36355
  • https://github.com/go-gitea/gitea/releases/tag/v1.25.4
  • https://github.com/go-gitea/gitea/security/advisories/GHSA-vfmv-f93v-37mw

Patch

https://github.com/go-gitea/gitea/releases
