CVE-2025-68945

Published: 26 Dec 2025
Source: redhat
CVSS3: 5.3
EPSS: Low

Description

In Gitea before 1.21.2, an anonymous user can visit a private user's project.

A flaw was found in Gitea. An anonymous user can exploit this vulnerability by visiting a private user's project, leading to unauthorized information disclosure. This allows an attacker to view details of projects that should remain private.

Statement

This vulnerability is rated Moderate. In the Red Hat context, impact is limited as the vulnerable code is not present in Red Hat OpenShift Pipelines components.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.

Affected packages

| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-cli-rhel8 | Not affected | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9 | Not affected | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-controller-rhel8 | Not affected | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9 | Not affected | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel8 | Not affected | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9 | Not affected | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel8 | Not affected | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9 | Not affected | | |

Additional information

Status: Moderate
Weakness: CWE-359
https://bugzilla.redhat.com/show_bug.cgi?id=2425474 gitea: Gitea: Information disclosure via anonymous access to private user projects

EPSS

Percentile: 2%
0.00012
Low

5.3 Medium

CVSS3

Related vulnerabilities

CVSS3: 5.8
ubuntu
3 months ago

In Gitea before 1.21.2, an anonymous user can visit a private user's project.

CVSS3: 5.8
nvd
3 months ago

In Gitea before 1.21.2, an anonymous user can visit a private user's project.

CVSS3: 5.8
debian
3 months ago

In Gitea before 1.21.2, an anonymous user can visit a private user's p ...

CVSS3: 5.8
github
3 months ago

Gitea: anonymous user can visit private user's project
