CVE-2025-68941

MEDIUM4.9EPSS 0.01%

Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Published: 12/26/2025Modified: 3/3/2026
Also known as:GHSA-xfq3-qj7j-4565BIT-gitea-2025-68941GO-2025-4268

Description

Gitea mishandles access to a private resource upon receiving an API token with scope limited to public resources in code.gitea.io/gitea

Affected packages (3)

CVSS scores

SourceVersionSeverityVector
osvCVSS 3.1MEDIUM4.9CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:L/A:N

References (7)