CNNVD-202601-3464 Information

CNNVD ID

CNNVD-202601-3464

CVE-2026-20800

  • CNNVD Published: 2026-01-22

Description

Gitea is a lightweight Git service written in Go and developed by the Gitea community. Gitea contains a security vulnerability: the notification API does not re-validate repository access permissions when it returns notification details. As a result, a user whose access to a private repository has been revoked may still be able to view issue and pull request titles through notifications they received earlier.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

Gitea

Published

2026-01-22

Last Modified

2026-02-24

References

  • https://github.com/go-gitea/gitea/pull/36339
  • https://blog.gitea.com/release-of-1.25.4/
  • https://github.com/go-gitea/gitea/releases/tag/v1.25.4
  • https://github.com/go-gitea/gitea/security/advisories/GHSA-g54m-9f6g-wj7q
  • https://access.redhat.com/security/cve/cve-2026-20800

Patch

https://github.com/go-gitea/gitea/releases
