Lucene search
K

5 matches found

OSV
OSV
added 2026/07/03 8:19 p.m.5 views

CVE-2026-28744 Gitea Git smart HTTP bypasses repository token scopes for bearer tokens

Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks...

8.1CVSS7.1AI score0.00343EPSS
Exploits0References6
CVE
CVE
added 2026/07/03 8:19 p.m.45 views

CVE-2026-28744

Gitea

8.1CVSS7.1AI score0.00343EPSS
Exploits0References4
OSV
OSV
added 2026/06/25 6:43 p.m.3 views

GO-2026-5321 Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens in code.gitea.io/gitea

Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens in code.gitea.io/gitea...

8.1CVSS5.8AI score0.00343EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/24 8:30 p.m.6 views

CVE-2026-52810

Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string so ?service=git-upload-pack is evaluated as read access while routing still runs git receive-pack, allowing push where only read should...

7.1CVSS5.9AI score0.00427EPSS
Exploits0References5Affected Software1
Github Security Blog
Github Security Blog
added 2026/06/16 11:38 p.m.11 views

Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens

Summary Gitea v1.26.1 enforces repository-scoped access-token permissions on repository operations. In the Git Smart HTTP path, however, this check runs only when the token is presented via HTTP Basic authentication — CheckRepoScopedToken returns early unless ctx.IsBasicAuth is true — so the same...

8.1CVSS5.4AI score0.00343EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder