CNNVD-202601-3465 Information
CNNVD ID
CNNVD-202601-3465
Related CVE
- CNNVD Published: 2026-01-22
Description (Chinese)
Gitea是Gitea社区的一个基于Go开发的轻量型git服务。 Gitea存在安全漏洞,该漏洞源于删除附件时未正确验证仓库上下文,可能导致用户在失去对某个仓库的访问权限后,仍可通过其可访问的其他仓库发起请求删除附件。
Description (English)
Gitea is a light-size git service developed by Go in the Gitea community. Gitea had a security loophole, which stemmed from the fact that the context of the warehouse had not been correctly verified when the annex had been deleted, and could lead users to initiate requests for the removal of the annex through other warehouses that they could access after losing access to a warehouse.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
Gitea
Published
2026-01-22
Last Modified
2026-02-24
References
https://blog.gitea.com/release-of-1.25.4/ https://github.com/go-gitea/gitea/pull/36320 https://github.com/go-gitea/gitea/releases/tag/v1.25.4 https://github.com/go-gitea/gitea/security/advisories/GHSA-jr6h-pwwp-c8g6
Patch
https://github.com/go-gitea/gitea/releases
Share on: