Lucene search
K

11 matches found

NVD
NVD
added 2026/07/03 9:17 p.m.6 views

CVE-2026-28744

Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks...

8.1CVSS0.00343EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/07/03 8:19 p.m.39 views

CVE-2026-28744 Gitea Git smart HTTP bypasses repository token scopes for bearer tokens

Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks...

8.1CVSS0.00343EPSS
Exploits0References4
CVE
CVE
added 2026/07/03 8:19 p.m.19 views

CVE-2026-27761

Gitea versions up to and including 1.26.2 expose private repository commit data via RSS/Atom feed endpoints by bypassing API access token scope checks. This affects feeds that do not enforce repository scope, allowing tokens without repository scope to access private data. Public references indic...

4.3CVSS7.1AI score0.00367EPSS
Exploits0References4
NVD
NVD
added 2026/07/01 9:16 p.m.7 views

CVE-2026-14340

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...

5.3CVSS0.00215EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/07/01 9:3 p.m.5 views

CVE-2026-14340

An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...

5.3CVSS5.8AI score0.00215EPSS
Exploits0References7Affected Software1
OSV
OSV
added 2026/06/16 11:42 p.m.7 views

GHSA-CR4G-F395-H25H Gitea: Token scope bypass on web archive download endpoint

Summary PR 37698 added checkDownloadTokenScope to /raw/, /media/, and attachment download web endpoints. The /archive/ endpoint repo.Download in routers/web/repo/repo.go:372 was not included in the fix. This endpoint accepts OAuth2 tokens via webAuth.AllowOAuth2 registered at...

5.3CVSS5.4AI score0.00403EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/16 11:38 p.m.10 views

Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens

Summary Gitea v1.26.1 enforces repository-scoped access-token permissions on repository operations. In the Git Smart HTTP path, however, this check runs only when the token is presented via HTTP Basic authentication — CheckRepoScopedToken returns early unless ctx.IsBasicAuth is true — so the same...

8.1CVSS5.4AI score0.00343EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.29 views

PT-2026-50138

Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.1 Description In the Git Smart HTTP path, the system fails to enforce repository-scoped access-token permissions when tokens are provided via Bearer authentication. While the CheckRepoScopedToken function is design...

8.1CVSS5.9AI score0.00343EPSS
Exploits0References14
EUVD
EUVD
added 2026/03/10 9:32 p.m.9 views

EUVD-2026-10828

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...

5.3CVSS5.8AI score0.00248EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/03/10 6:56 p.m.32 views

CVE-2026-3582 Incorrect Authorization in GitHub Enterprise Server allows access to issue and commit search results without repo scope

An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...

5.3CVSS0.00248EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/03/10 12:0 a.m.12 views

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.20 of GitHub Enterprise Server, there were security...

5.3CVSS5.8AI score0.00248EPSS
Exploits0References4
Rows per page
Query Builder