CVE-2018-1000803

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.5.1

Description The issue results in the exposure of users' private email addresses. This can be exploited by watching a repository to receive email notifications, which contain the other recipients even if they have their email set as private.

Recommendations For versions prior to 1.5.1, update to version 1.5.1 or later to resolve the issue. As a temporary workaround, consider avoiding watching repositories to minimize the risk of exposing private email addresses. Restrict access to email notifications to minimize the risk of exploitation.