CNNVD-202601-3460 Information
CNNVD ID
CNNVD-202601-3460
Related CVE
- CNNVD Published: 2026-01-22
Description (Chinese)
Gitea是Gitea社区的一个基于Go开发的轻量型git服务。 Gitea存在安全漏洞,该漏洞源于切换OpenID URI可见性时未正确验证所有权,可能导致经过身份验证的用户更改其他用户的OpenID身份可见性设置。
Description (English)
Gitea is a light-size git service developed by Go in the Gitea community. Gitea has a security loophole, which stems from the incorrect verification of ownership at the time of switching OpenID URI visibility, which may result in the identity of other users changing the OpenID identity settings.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Gitea
Published
2026-01-22
Last Modified
2026-02-24
References
https://blog.gitea.com/release-of-1.25.4/ https://github.com/go-gitea/gitea/pull/36346 https://github.com/go-gitea/gitea/pull/36361 https://github.com/go-gitea/gitea/releases/tag/v1.25.4 https://github.com/go-gitea/gitea/security/advisories/GHSA-jrpc-w85r-hgqx
Patch
https://github.com/go-gitea/gitea/releases
Share on: