CVE-2026-20904

Medium CVSS: 6.5

Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities.

Vendor

Gitea

Product

Gitea

CWE

CWE-284

Yayın Tarihi

2026-01-22 22:16:19

Güncelleme

2026-01-29 22:03:08

Source Identifier

88ee5874-cf24-4952-aea0-31affedb7ff2

KEV Date Added

Kategoriler

CWE-284 Gitea MEDIUM Gitea 2026

Referanslar

https://blog.gitea.com/release-of-1.25.4/ https://github.com/go-gitea/gitea/pull/36346 https://github.com/go-gitea/gitea/pull/36361 https://github.com/go-gitea/gitea/releases/tag/v1.25.4 https://github.com/go-gitea/gitea/security/advisories/GHSA-jrpc-w85r-hgqx

Benzer Kayıtlar

Critical

CVE-2026-20912

Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a…

Critical

CVE-2026-20897

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repos…

High

CVE-2026-20736

Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachmen…

Critical

CVE-2026-20750

Gitea does not properly validate project ownership in organization project operations. A user with project write access…

Medium

CVE-2026-20800

Gitea's notification API does not re-validate repository access permissions when returning notification details. After a…

Medium

CVE-2026-20883

Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository…