PT-2025-53438 · Gitea+1 · Gitea+1

Dankar

·

Publicado

2025-12-26

·

Atualizado

2026-02-24

·

CVE-2025-68941

CVSS v3.1

5.3

Média

VetorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.22.3
Description Gitea improperly manages access controls, potentially allowing unauthorized access to private resources when an API token with limited scope is used. Specifically, the issue arises when an API token is granted access only to public resources, but is then used to access private resources. The API token's scope is not correctly enforced, leading to potential information disclosure.
Recommendations Update to Gitea version 1.22.3 or later.

Correção

LPE

Incorrect Authorization

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-863

Identificadores relacionados

BIT-GITEA-2025-68941
CVE-2025-68941
GHSA-XFQ3-QJ7J-4565
GO-2025-4268
SUSE-SU-2026:0037-1

Produtos afetados

Gitea
Red Os