CNNVD-202601-3462 Information
CNNVD ID
CNNVD-202601-3462
Related CVE
- CNNVD Published: 2026-01-22
Description
Gitea is a lightweight Git service written in Go and developed by the Gitea community. Gitea contains a security vulnerability that stems from improper authorization validation when a scheduled auto-merge is cancelled through the web interface, which may allow a user with read access to pull requests to cancel auto-merges scheduled by other users.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Gitea
Published
2026-01-22
Last Modified
2026-02-24
References
https://blog.gitea.com/release-of-1.25.4/
https://github.com/go-gitea/gitea/pull/36341
https://github.com/go-gitea/gitea/pull/36356
https://github.com/go-gitea/gitea/releases/tag/v1.25.4
https://github.com/go-gitea/gitea/security/advisories/GHSA-ccq9-c5hv-cf64
Patch
https://github.com/go-gitea/gitea/releases