PT-2026-6458 · Go · Code.Gitea.Io/Gitea

Published

2026-01-01

·

Updated

2026-01-01

CVSS v3.1

5.3

Medium

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
In Gitea before 1.25.2, /api/v1/user has different responses for failed authentication depending on whether a username exists.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-204

Related Identifiers

GHSA-PC73-RJ2C-WVF9

Affected Products

Code.Gitea.Io/Gitea