CVE-2025-68943

MEDIUM5.3EPSS 0.01%

Gitea inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order in code.gitea.io/gitea

發布日:2025/12/26修改日:2026/1/1

也稱為:GHSA-jhx5-4vr4-f327BIT-gitea-2025-68943GO-2025-4266

描述

Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.

受影響套件(3)

Bitnami/giteafrom 0, < 1.21.8
Go/code.gitea.io/giteafrom 0, < 1.21.8
Go/code.gitea.io/giteafrom 0, < 1.21.8

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	MEDIUM5.3	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

參考連結(7)