CVE-2025-68940

Published: 26 Dec 2025
Source: redhat
CVSS3: 3.1
EPSS: Low

Description

In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.

A flaw was found in Gitea, a self-hosted Git service. After a pull request is merged, the system inadequately enforces branch deletion permissions. This allows an attacker with low privileges to delete branches without proper authorization, potentially leading to unauthorized changes to the repository's history and integrity.

Statement

This vulnerability is rated Low for Red Hat OpenShift Pipelines. The flaw in Gitea, integrated with OpenShift Pipelines, allows a low-privileged attacker to delete branches without proper authorization after a pull request is merged. This could compromise the integrity and history of affected repositories.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-cli-rhel8 | Out of support scope | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9 | Out of support scope | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-controller-rhel8 | Out of support scope | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9 | Out of support scope | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel8 | Out of support scope | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9 | Out of support scope | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel8 | Out of support scope | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9 | Out of support scope | | |

Additional information

Status: Low
Weakness: CWE-863
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2425461 (gitea: Gitea: Unauthorized branch deletion due to inadequate permission enforcement)

EPSS: 0.00014 (percentile 3%, Low)

CVSS3: 3.1 (Low)

Related vulnerabilities

CVSS3: 3.1
ubuntu
3 months ago

In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.

CVSS3: 3.1
nvd
3 months ago

In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.

CVSS3: 3.1
debian
3 months ago

In Gitea before 1.22.5, branch deletion permissions are not adequately ...

CVSS3: 5.3
redos
about 1 month ago

Vulnerability in gitea

CVSS3: 3.1
github
3 months ago

Gitea doesn't adequately enforce branch deletion permissions after merging a pull request.
