CNNVD-202601-3468 Information

CNNVD ID

CNNVD-202601-3468

Related CVE

CVE-2026-0798

• CNNVD Published: 2026-01-22

Description (Chinese)

Gitea是Gitea社区的一个基于Go开发的轻量型git服务。 Gitea存在安全漏洞，该漏洞源于未正确验证仓库访问权限，可能导致向已撤销访问权限的用户发送私有仓库的发布通知邮件，泄露发布信息。

Description (English)

Gitea is a light-size git service developed by Go in the Gitea community. Gitea had a security loophole, which stemmed from an incorrect validation of warehouse access rights, which could lead to the sending of a message from a privately owned warehouse to users who had withdrawn access rights and leaking the release information.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Gitea

Published

2026-01-22

Last Modified

2026-02-24

References

https://blog.gitea.com/release-of-1.25.4/ https://github.com/go-gitea/gitea/pull/36319 https://github.com/go-gitea/gitea/releases/tag/v1.25.4 https://github.com/go-gitea/gitea/security/advisories/GHSA-f4wq-6ww5-m56p

Patch

https://github.com/go-gitea/gitea/releases