CVE-2026-20904

Опубликовано: 22 янв. 2026

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities.

Ссылки

https://blog.gitea.com/release-of-1.25.4/
Release Notes
https://github.com/go-gitea/gitea/pull/36346
Issue Tracking
Patch
https://github.com/go-gitea/gitea/pull/36361
Issue Tracking
Patch
https://github.com/go-gitea/gitea/releases/tag/v1.25.4
Release Notes
https://github.com/go-gitea/gitea/security/advisories/GHSA-jrpc-w85r-hgqx
Broken Link

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gitea:gitea:*:*:*:*:*:-:*:*

Версия до 1.25.4 (исключая)

EPSS

Процентиль: 1%

0.00011

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-284

Связанные уязвимости

CVE-2026-20904

CVSS3: 6.5

redhat

2 месяца назад

Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities.

CVE-2026-20904

CVSS3: 6.5

debian

2 месяца назад

Gitea does not properly validate ownership when toggling OpenID URI vi ...

ROS-20260224-73-0026

CVSS3: 6.5

redos

около 1 месяца назад

Уязвимость gitea

GHSA-qqgv-v353-cv8p

github

2 месяца назад

Gitea does not properly validate ownership when toggling OpenID URI visibility

EPSS

Процентиль: 1%

0.00011

Низкий

6.5 Medium

CVSS3

Дефекты

CWE-284