Dismissed
(no matching packages found)
Permalink
CVE-2026-27771
8.2 HIGH
- CVSS version (CVSS): 3.0
- Attack Vector (AV): Network (N)
- Attack Complexity (AC): Low (L)
- Privileges Required (PR): None (N)
- User Interaction (UI): None (N)
- Scope (S): Unchanged (U)
- Confidentiality (C): High (H)
- Integrity (I): Low (L)
- Availability (A): None (N)
- Modified Attack Vector (MAV): Network (N)
- Modified Attack Complexity (MAC): Low (L)
- Modified Privileges Required (MPR): None (N)
- Modified User Interaction (MUI): None (N)
- Modified Confidentiality (MC): High (H)
- Modified Scope (MS): Unchanged (U)
- Modified Integrity (MI): Low (L)
- Modified Availability (MA): None (N)
Activity log
- Created & dismissed (no matching packages found) suggestion
Gitea Composer package source links use insufficient permission checks
Gitea versions up to and including 1.26.1 have insufficient permission checks for Composer package source links, which can expose private or internal package source information.
References
-
GitHub Security Advisory vendor-advisory
-
Gitea v1.26.2 Release release-notes
-
Gitea v1.26.2 Release Blog Post release-notes
Affected products
Gitea Open Source Git Server
- =<1.26.1