4 matches found
GO-2026-5243 Gitea: Incomplete CVE-2025-68941 fix: /user/orgs missing checkTokenPublicOnly + switch-case logic flaw in code.gitea.io/gitea
Gitea: Incomplete CVE-2025-68941 fix: /user/orgs missing checkTokenPublicOnly + switch-case logic flaw in code.gitea.io/gitea...
GHSA-8629-VC8R-5P58 Gitea: Incomplete CVE-2025-68941 fix: /user/orgs missing checkTokenPublicOnly + switch-case logic flaw
Summary Two related issues in the token public-only scope enforcement introduced by PR 32204 CVE-2025-68941 fix. A public-only scoped API token can access private organization data. Issue 1: /user/orgs missing checkTokenPublicOnly routers/api/v1/api.go line 1599: go m.Get"/user/orgs", reqToken,...
Gitea: Incomplete CVE-2025-68941 fix: /user/orgs missing checkTokenPublicOnly + switch-case logic flaw
Summary Two related issues in the token public-only scope enforcement introduced by PR 32204 CVE-2025-68941 fix. A public-only scoped API token can access private organization data. Issue 1: /user/orgs missing checkTokenPublicOnly routers/api/v1/api.go line 1599: go m.Get"/user/orgs", reqToken,...
PT-2026-50135
Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description An issue exists in the token public-only scope enforcement where a public-only scoped API token can access private organization data. This occurs due to two flaws: the endpoint '/user/orgs' is...