Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

github логотип

GHSA-j8xr-c56q-m8jj

Опубликовано: 23 янв. 2026
Источник: github
Github: Прошло ревью
CVSS4: 2.3

Описание

Gitea improperly exposes issue titles and repository names through previously started stopwatches

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches.

Ссылки

Пакеты

Наименование

github.com/go-gitea/gitea

go
Затронутые версииВерсия исправления

< 1.25.4

1.25.4

EPSS

Процентиль: 1%
0.00011
Низкий

2.3 Low

CVSS4

CVE ID

CVE-2026-20883

Дефекты

CWE-284

Связанные уязвимости

redhat логотип

CVE-2026-20883

CVSS3: 6.5
redhat
2 месяца назад

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches.

nvd логотип

CVE-2026-20883

CVSS3: 6.5
nvd
2 месяца назад

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches.

debian логотип

CVE-2026-20883

CVSS3: 6.5
debian
2 месяца назад

Gitea's stopwatch API does not re-validate repository access permissio ...

redos логотип

ROS-20260224-73-0028

CVSS3: 6.5
redos
около 1 месяца назад

Уязвимость gitea

EPSS

Процентиль: 1%
0.00011
Низкий

2.3 Low

CVSS4

CVE ID

CVE-2026-20883

Дефекты

CWE-284