CNNVD-202601-3463 Information
CNNVD ID
CNNVD-202601-3463
Related CVE
- CNNVD Published: 2026-01-22
Description (Chinese)
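Gitea is a lightweight Git service written in Go and developed by the Gitea community. Gitea contains a security vulnerability that stems from the stopwatch API not re-validating repository access permissions. As a result, a user whose access to a private repository has been revoked may still be able to view issue titles and repository names through a previously started stopwatch.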
Description (English)
Gitea is a lightweight Git service developed in Go by the Gitea community. Gitea has a security vulnerability, which stems from the stopwatch API not re-validating access to the repository. As a result, after a user's access to a private repository is revoked, the issue title and the repository name can still be viewed through a previously started stopwatch.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Gitea
Published
2026-01-22
Last Modified
2026-02-24
References
https://blog.gitea.com/release-of-1.25.4/
https://github.com/go-gitea/gitea/pull/36340
https://github.com/go-gitea/gitea/pull/36368
https://github.com/go-gitea/gitea/releases/tag/v1.25.4
https://github.com/go-gitea/gitea/security/advisories/GHSA-644v-xv3j-xgqg
Patch
https://github.com/go-gitea/gitea/releases