11 matches found
CVE-2026-28744
Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks...
CVE-2026-28744 Gitea Git smart HTTP bypasses repository token scopes for bearer tokens
Gitea versions up to and including 1.26.1 allow Git smart HTTP requests authenticated with bearer tokens to bypass repository token scope checks...
CVE-2026-27761
Gitea versions up to and including 1.26.2 expose private repository commit data via RSS/Atom feed endpoints by bypassing API access token scope checks. This affects feeds that do not enforce repository scope, allowing tokens without repository scope to access private data. Public references indic...
CVE-2026-14340
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...
CVE-2026-14340
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a user-to-server token scoped to a GitHub App installation to perform certain write operations on public repositories outside the token's intended scope. This was possible because the authorization...
GHSA-CR4G-F395-H25H Gitea: Token scope bypass on web archive download endpoint
Summary PR 37698 added checkDownloadTokenScope to /raw/, /media/, and attachment download web endpoints. The /archive/ endpoint repo.Download in routers/web/repo/repo.go:372 was not included in the fix. This endpoint accepts OAuth2 tokens via webAuth.AllowOAuth2 registered at...
Gitea: Git Smart HTTP Skips Repository Token Scopes for Bearer Tokens
Summary Gitea v1.26.1 enforces repository-scoped access-token permissions on repository operations. In the Git Smart HTTP path, however, this check runs only when the token is presented via HTTP Basic authentication — CheckRepoScopedToken returns early unless ctx.IsBasicAuth is true — so the same...
PT-2026-50138
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.26.1 Description In the Git Smart HTTP path, the system fails to enforce repository-scoped access-token permissions when tokens are provided via Bearer authentication. While the CheckRepoScopedToken function is design...
EUVD-2026-10828
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...
CVE-2026-3582 Incorrect Authorization in GitHub Enterprise Server allows access to issue and commit search results without repo scope
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed an authenticated user with a classic personal access token PAT lacking the repo scope to retrieve issues and commits from private and internal repositories via the search REST API endpoints. The user...
GitHub Enterprise Server 安全漏洞
GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Prior to version 3.20 of GitHub Enterprise Server, there were security...