Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations.
History

Mon, 06 Jul 2026 23:15:00 +0000

Type Values Removed Values Added
First Time appeared Gitea
Gitea gitea Open Source Git Server
Vendors & Products Gitea
Gitea gitea Open Source Git Server

Fri, 03 Jul 2026 20:45:00 +0000

Type Values Removed Values Added
Description Gitea versions before 1.25.5 have insufficient visibility checks in organization permission APIs for hidden members and private organizations.
Title Gitea organization permission APIs expose private visibility information
Weaknesses CWE-284
References

cve-icon MITRE

Status: PUBLISHED

Assigner: Gitea

Published: 2026-07-03T20:19:32.421Z

Updated: 2026-07-03T20:19:32.421Z

Reserved: 2026-03-03T03:25:28.672Z

Link: CVE-2026-25712

cve-icon Vulnrichment

No data.

cve-icon NVD

No data.

cve-icon Redhat

No data.