2 matches found
Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources...
CVE-2025-68941
CVE-2025-68941 affects Gitea prior to 1.22.3, where an API token scoped to public resources could be used to access private resources. The issue arises from mishandling access controls, enabling unauthorized disclosure from private repositories or other sensitive data. Affected components include...