Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-68943

Опубликовано: 26 дек. 2025
Источник: redhat
CVSS3: 5.3
EPSS Низкий

Описание

Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.

A flaw was found in Gitea. This vulnerability allows for the inadvertent disclosure of users' login times. A remote attacker can exploit this by utilizing the lastlogintime explore/users sort order, leading to the exposure of sensitive user activity information.

Отчет

In the Red Hat context, in Red Hat OpenShift Pipelines components are not affected as the vulnerable code is not present.

Меры по смягчению последствий

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
OpenShift Pipelinesopenshift-pipelines/pipelines-pipelines-as-code-cli-rhel8Not affected
OpenShift Pipelinesopenshift-pipelines/pipelines-pipelines-as-code-cli-rhel9Not affected
OpenShift Pipelinesopenshift-pipelines/pipelines-pipelines-as-code-controller-rhel8Not affected
OpenShift Pipelinesopenshift-pipelines/pipelines-pipelines-as-code-controller-rhel9Not affected
OpenShift Pipelinesopenshift-pipelines/pipelines-pipelines-as-code-watcher-rhel8Not affected
OpenShift Pipelinesopenshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9Not affected
OpenShift Pipelinesopenshift-pipelines/pipelines-pipelines-as-code-webhook-rhel8Not affected
OpenShift Pipelinesopenshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-497
https://bugzilla.redhat.com/show_bug.cgi?id=2425465gitea: Gitea: Information disclosure of user login times via sort order

EPSS

Процентиль: 2%
0.00012
Низкий

5.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2025-68943

CVSS3: 5.3
ubuntu
3 месяца назад

Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.

nvd логотип

CVE-2025-68943

CVSS3: 5.3
nvd
3 месяца назад

Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.

debian логотип

CVE-2025-68943

CVSS3: 5.3
debian
3 месяца назад

Gitea before 1.21.8 inadvertently discloses users' login times by allo ...

github логотип

GHSA-jhx5-4vr4-f327

CVSS3: 5.3
github
3 месяца назад

Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order

EPSS

Процентиль: 2%
0.00012
Низкий

5.3 Medium

CVSS3

Уязвимость CVE-2025-68943