GHSA-8fwc-qjw5-rvgp

Опубликовано: 23 янв. 2026

Источник: github

Github: Прошло ревью

CVSS4: 2.3

Описание

Gitea may send release notification emails for private repositories to users whose access has been revoked

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags, and content.

Ссылки

Пакеты

Наименование

code.gitea.io/gitea

Затронутые версииВерсия исправления

< 1.25.4

1.25.4

EPSS

Процентиль: 3%

0.00016

Низкий

2.3 Low

CVSS4

CVE ID

CVE-2026-0798

Дефекты

CWE-284

Связанные уязвимости

CVE-2026-0798

CVSS3: 3.5

nvd

15 дней назад

CVE-2026-0798

CVSS3: 3.5

debian

15 дней назад

Gitea may send release notification emails for private repositories to ...

EPSS

Процентиль: 3%

0.00016

Низкий

2.3 Low

CVSS4

CVE ID

CVE-2026-0798

Дефекты

CWE-284