Dankar

**Name of the Vulnerable Software and Affected Versions** Gitea versions prior to 1.22.3 **Description** Gitea improperly manages access controls, potentially allowing unauthorized access to private resources when an API token with limited scope is used. Specifically, the issue arises when an API token is granted access only to public resources, but is then used to access private resources. The API token's scope is not correctly enforced, leading to potential information disclosure. **Recommendations** Update to Gitea version 1.22.3 or later.