CVE-2026-20904

Sažetak

Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities.

Reference

https://blog.gitea.com/release-of-1.25.4/
https://github.com/go-gitea/gitea/pull/36346
https://github.com/go-gitea/gitea/pull/36361
https://github.com/go-gitea/gitea/releases/tag/v1.25.4
https://github.com/go-gitea/gitea/security/advisories/GHSA-jrpc-w85r-hgqx

CVSS

Base:	0.0
Impact:	None
Exploitability:	None

Pristup

Vektor	Složenost	Autentikacija
None	None	None

Impact

Povjerljivost	Cjelovitost	Dostupnost
None	None	None

CVSS vektor

None

Zadnje važnije ažuriranje

22-01-2026 - 22:16

Objavljeno

22-01-2026 - 22:16