CNNVD-202601-3466 Information
CNNVD ID
CNNVD-202601-3466
Related CVE
- CNNVD Published: 2026-01-22
Description (Chinese)
Gitea是Gitea社区的一个基于Go开发的轻量型git服务。 Gitea存在安全漏洞,该漏洞源于未正确验证组织项目操作中的项目所有权,可能导致拥有一个组织项目写入权限的用户修改其他组织的项目。
Description (English)
Gitea is a light-size git service developed by Go in the Gitea community. Gitea had a security loophole, which stemmed from the incorrect validation of project ownership in the operation of the organization ’ s projects, which could lead to changes in the projects of other organizations by users with the right to write in one organization ’ s projects.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Gitea
Published
2026-01-22
Last Modified
2026-02-24
References
https://blog.gitea.com/release-of-1.25.4/ https://github.com/go-gitea/gitea/pull/36318 https://github.com/go-gitea/gitea/pull/36373 https://github.com/go-gitea/gitea/releases/tag/v1.25.4 https://github.com/go-gitea/gitea/security/advisories/GHSA-h4fh-pc4w-8w27
Patch
https://github.com/go-gitea/gitea/releases
Share on: