GHSA-qqgv-v353-cv8p

Опубликовано: 23 янв. 2026

Источник: github

Github: Прошло ревью

CVSS4: 5.3

Описание

Gitea does not properly validate ownership when toggling OpenID URI visibility

Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities.

Ссылки

Пакеты

Наименование

github.com/go-gitea/gitea

Затронутые версииВерсия исправления

< 1.25.4

1.25.4

EPSS

Процентиль: 1%

0.00011

Низкий

5.3 Medium

CVSS4

CVE ID

CVE-2026-20904

Дефекты

CWE-284

Связанные уязвимости

CVE-2026-20904

CVSS3: 6.5

redhat

2 месяца назад

Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities.

CVE-2026-20904

CVSS3: 6.5

nvd

2 месяца назад

Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities.

CVE-2026-20904

CVSS3: 6.5

debian

2 месяца назад

Gitea does not properly validate ownership when toggling OpenID URI vi ...

ROS-20260224-73-0026

CVSS3: 6.5

redos

около 1 месяца назад

Уязвимость gitea

EPSS

Процентиль: 1%

0.00011

Низкий

5.3 Medium

CVSS4

CVE ID

CVE-2026-20904

Дефекты

CWE-284