Lucene search
+L

14 matches found

veracode
veracode
added 2026/03/20 4:50 a.m.4 views

Information Disclosure

code.gitea.io/gitea is vulnerable to information disclosure. The vulnerability is due to improper exposure of user metadata through sortable fields such as last login time, which allows an attacker to infer users' login activity by manipulating the explore/users sort order...

5.3CVSS7.2AI score0.00328EPSS
Exploits0References5Affected Software3
susecve
susecve
added 2026/01/06 12:23 a.m.5 views

SUSE CVE-2025-68943

Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...

5.3CVSS7AI score0.00328EPSS
Exploits0References2
osv
osv
added 2026/01/01 11:37 a.m.5 views

BIT-GITEA-2025-68943

Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...

5.3CVSS6.9AI score0.00328EPSS
Exploits0References4
osv
osv
added 2025/12/30 1:49 a.m.8 views

GO-2025-4266 Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

Gitea inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order in code.gitea.io/gitea...

5.3CVSS6.9AI score0.00328EPSS
Exploits0References5
snyk
snyk
added 2025/12/26 6:30 a.m.1 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the lastlogintime sort order in the explore/users page. An attacker can obtain sensitive information about users' login times by querying the user exploratio...

6.9CVSS6.5AI score0.00328EPSS
Exploits0References2
snyk
snyk
added 2025/12/26 6:30 a.m.2 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the lastlogintime sort order in the explore/users page. An attacker can obtain sensitive information about users' login times by querying the user exploratio...

6.9CVSS6.5AI score0.00328EPSS
Exploits0References2
snyk
snyk
added 2025/12/26 6:30 a.m.2 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the lastlogintime sort order in the explore/users page. An attacker can obtain sensitive information about users' login times by querying the user exploratio...

6.9CVSS6.5AI score0.00328EPSS
Exploits0References2
snyk
snyk
added 2025/12/26 6:30 a.m.3 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the lastlogintime sort order in the explore/users page. An attacker can obtain sensitive information about users' login times by querying the user exploratio...

6.9CVSS6.5AI score0.00328EPSS
Exploits0References2
osv
osv
added 2025/12/26 6:30 a.m.6 views

GHSA-JHX5-4VR4-F327 Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order

Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...

5.3CVSS6.8AI score0.00328EPSS
Exploits0References5
github
github
added 2025/12/26 6:30 a.m.11 views

Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order

Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...

5.3CVSS7AI score0.00328EPSS
Exploits0References5Affected Software1
nvd
nvd
added 2025/12/26 4:15 a.m.8 views

CVE-2025-68943

Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...

5.3CVSS0.00328EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2025/12/26 3:19 a.m.2 views

CVE-2025-68943

Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...

5.3CVSS6.6AI score0.00328EPSS
Exploits0References3
osv
osv
added 2025/12/26 3:19 a.m.4 views

CVE-2025-68943

Gitea before 1.21.8 inadvertently discloses users' login times by allowing for example the lastlogintime explore/users sort order...

5.3CVSS6.9AI score0.00328EPSS
Exploits0References5
ptsecurity
ptsecurity
added 2025/12/26 12:0 a.m.3 views

PT-2025-53441

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.21.8 Description The software reveals user login times due to allowing sorting by last login time in the explore/users section. Recommendations Update to version 1.21.8 or later...

5.3CVSS6.6AI score0.00328EPSS
Exploits0References10
Rows per page
Query Builder