5 matches found
CVE-2026-28744 Gitea Git smart HTTP bypasses repository token scopes for bearer tokens
Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks...
CVE-2026-28744
Gitea
GO-2026-5321 Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens in code.gitea.io/gitea
Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens in code.gitea.io/gitea...
CVE-2026-52810
Gogs is an open source self-hosted Git service. Prior to 0.14.3, Git smart HTTP authorizes POST …/git-receive-pack using the client-supplied service query string so ?service=git-upload-pack is evaluated as read access while routing still runs git receive-pack, allowing push where only read should...
Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens
Summary Gitea v1.26.1 enforces repository-scoped access-token permissions on repository operations. In the Git Smart HTTP path, however, this check runs only when the token is presented via HTTP Basic authentication — CheckRepoScopedToken returns early unless ctx.IsBasicAuth is true — so the same...