CVE-2026-20904

Опубликовано: 22 янв. 2026

Источник: debian

Описание

Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
gitea	removed			package

Связанные уязвимости

CVE-2026-20904

CVSS3: 6.5

redhat

2 месяца назад

Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities.

CVE-2026-20904

CVSS3: 6.5

nvd

2 месяца назад

Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities.

ROS-20260224-73-0026

CVSS3: 6.5

redos

около 1 месяца назад

Уязвимость gitea

GHSA-qqgv-v353-cv8p

github

2 месяца назад

Gitea does not properly validate ownership when toggling OpenID URI visibility