VDB
KO
HIGH 8.2

GHSA-8qw8-rq86-9pc2

Gitea has insufficient permission checks for Composer package source links

Details

### CVE Description Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information.

### Summary A critical vulnerability has been discovered in Gitea. It was already reported via (security@gitea.io) from (dev@noscope.com), and submitted an encrypted report.

Are you affected?

Enter the version of the package you're using.

Affected packages

Go / code.gitea.io/gitea
Introduced in: 0 Fixed in: 1.26.2
Fix go get code.gitea.io/gitea@v1.26.2

References