BIT-GITEA-2025-68941

Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources...

GO-2025-4268 Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea...

Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources

Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources...

GHSA-XFQ3-QJ7J-4565 Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources

Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources...

CVE-2025-68941

Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources...

EUVD-2025-205408

Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources...

CVE-2025-68941

Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources...

CVE-2025-68941

CVE-2025-68941 affects Gitea prior to 1.22.3, where an API token scoped to public resources could be used to access private resources. The issue arises from mishandling access controls, enabling unauthorized disclosure from private repositories or other sensitive data. Affected components include...

CVE-2025-68941

Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources...

CVE-2024-27090 Decidim vulnerable to data disclosure through the embed feature

Decidim is a participatory democracy framework, written in Ruby on Rails, originally developed for the Barcelona City government online and offline participation website. If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embbeded such as a...

Decidim vulnerable to data disclosure through the embed feature

Impact If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded such as a Participatory Process, an Assembly, a Proposal, a Result, etc, then some data of this resource could be accessed. Patches version 0.27.6...

Decidim vulnerable to data disclosure through the embed feature

Impact If an attacker can infer the slug or URL of an unpublished or private resource, and this resource can be embedded such as a Participatory Process, an Assembly, a Proposal, a Result, etc, then some data of this resource could be accessed. Patches Version 0.27.6...