GHSA-qqgv-v353-cv8p

Опубликовано: 23 янв. 2026

Источник: github

Github: Прошло ревью

CVSS4: 5.3

Описание

Gitea does not properly validate ownership when toggling OpenID URI visibility

Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities.

Ссылки

Пакеты

Наименование

github.com/go-gitea/gitea

Затронутые версииВерсия исправления

< 1.25.4

1.25.4

EPSS

Процентиль: 8%

0.00029

Низкий

5.3 Medium

CVSS4

CVE ID

CVE-2026-20904

Дефекты

CWE-284

Связанные уязвимости

CVE-2026-20904

CVSS3: 6.5

nvd

15 дней назад

Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities.

CVE-2026-20904

CVSS3: 6.5

debian

15 дней назад

Gitea does not properly validate ownership when toggling OpenID URI vi ...

EPSS

Процентиль: 8%

0.00029

Низкий

5.3 Medium

CVSS4

CVE ID

CVE-2026-20904

Дефекты

CWE-284