3.5

CVE-2026-0798

Gitea Release Email Notifications Leak Private Repository Release Details After Access Revocation

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags, and content.
Data provided by the National Vulnerability Database (NVD)
Gitea Gitea | SwPlatform: - | Version: < 1.25.4
No warning was found for this CVE.
EPSS Metrics
Type | Source | Score | Percentile
EPSS | FIRST.org | 0.24% | 0.145
CVSS Metrics
Source | Base Score | Exploit Score | Impact Score | Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0 | 3.5 | 2.1 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://blog.gitea.com/release-of-1.25.4/ (Release Notes)
https://github.com/go-gitea/gitea/pull/36319 (Patch, Issue Tracking)
https://github.com/go-gitea/gitea/releases/tag/v1.25.4 (Release Notes)
https://github.com/go-gitea/gitea/security/advisories/GHSA-f4wq-6ww5-m56p (Broken Link)