BIT-gitea-2026-0798

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/gitea/BIT-gitea-2026-0798.json

JSON Data

https://api.osv.dev/v1/vulns/BIT-gitea-2026-0798

Aliases

Published

2026-01-30T08:40:33.870Z

Modified

2026-02-02T22:25:58.854060Z

Summary

Gitea Release Email Notifications Leak Private Repository Release Details After Access Revocation

Details

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags, and content.

Database specific

{
    "cpes": [
        "cpe:2.3:a:gitea:gitea:*:*:*:*:*:-:*:*"
    ],
    "severity": "Low"
}

References

Affected packages

Bitnami / gitea

Package

Name: gitea
Purl: pkg:bitnami/gitea

Severity

3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.25.4

Database specific

source

"https://github.com/bitnami/vulndb/tree/main/data/gitea/BIT-gitea-2026-0798.json"