Description
An information exposure flaw has been discovered in Gitea. Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags, and content.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Pipelines | openshift-pipelines/pipelines-opc-rhel9 | Not affected | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-cli-rhel8 | Not affected | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9 | Not affected | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-controller-rhel8 | Not affected | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9 | Not affected | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel8 | Not affected | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9 | Not affected | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel8 | Not affected | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9 | Not affected | ||
Additional information
Status:
3.5 Low
CVSS3