CNNVD-202601-3461 Information

CNNVD ID

CNNVD-202601-3461

CVE-2026-20897

  • CNNVD Published: 2026-01-22

Description

Gitea is a lightweight Git service developed in Go by the Gitea community. Gitea has a security vulnerability that stems from not properly verifying repository ownership when deleting Git LFS locks, which may allow a user with write access to one repository to delete LFS locks belonging to other repositories.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Gitea

Published

2026-01-22

Last Modified

2026-02-24

References

  • https://blog.gitea.com/release-of-1.25.4/
  • https://github.com/go-gitea/gitea/pull/36344
  • https://github.com/go-gitea/gitea/pull/36349
  • https://github.com/go-gitea/gitea/releases/tag/v1.25.4
  • https://github.com/go-gitea/gitea/security/advisories/GHSA-rrq5-r9h5-pc7c

Patch

https://github.com/go-gitea/gitea/releases
