CVE-2018-1000803: Sensitive Information Exposure in Go-gitea Gitea

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.2% (top 53.90%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 8; Latest update Aug 21

Description

Gitea versions prior to 1.5.1 contain a CWE-200 vulnerability that can result in exposure of users' private email addresses. This attack appears to be exploitable by watching a repository to receive email notifications. Emails received contain the other recipients' addresses even if those recipients have set their email as private. This vulnerability appears to have been fixed in 1.5.1.
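The leak described above can be checked for mechanically on outgoing mail. The following is an added example, not Gitea's code and not its actual fix: `compose` and `leakedPrivate` are hypothetical helpers and the addresses are constructed. It builds the notification once with a shared `To` header and once per recipient, then reports which private addresses other recipients could read.

```go
package main

import (
	"fmt"
	"net/mail"
	"strings"
)

// compose builds notification mails for the watchers' addresses. shared=true is the
// flawed form described above: one message whose To header lists every watcher.
func compose(watchers []string, shared bool) []string {
	const rest = "\r\nSubject: [repo] new issue\r\n\r\nbody\r\n"
	if shared {
		return []string{"To: " + strings.Join(watchers, ", ") + rest}
	}
	var msgs []string
	for _, w := range watchers {
		msgs = append(msgs, "To: "+w+rest) // one message per recipient
	}
	return msgs
}

// leakedPrivate returns every private address that sits in a To/Cc header shared
// with at least one other recipient, i.e. that another user can read.
func leakedPrivate(msgs []string, private map[string]bool) []string {
	var leaked []string
	for _, raw := range msgs {
		m, err := mail.ReadMessage(strings.NewReader(raw))
		if err != nil {
			continue // unparsable input is skipped here; a real check should flag it
		}
		to, _ := m.Header.AddressList("To") // nil when the header is absent
		cc, _ := m.Header.AddressList("Cc")
		rcpts := append(to, cc...)
		for _, a := range rcpts {
			if len(rcpts) > 1 && private[strings.ToLower(a.Address)] {
				leaked = append(leaked, a.Address)
			}
		}
	}
	return leaked
}

func main() {
	// Constructed sample data: alice has set her address to private.
	watchers := []string{"alice@example.com", "bob@example.com"}
	private := map[string]bool{"alice@example.com": true}
	fmt.Println("shared:", leakedPrivate(compose(watchers, true), private))
	fmt.Println("per-recipient:", leakedPrivate(compose(watchers, false), private))
}
```

The same check can run as a regression test against captured outbound notifications after upgrading to 1.5.1 or later.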

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

NVD: gitea/gitea < 1.5.1

Patches

Vulnerability Details (3)

OSV: Gitea Exposes Private Email Addresses in github.com/go-gitea/gitea (2024-08-21)
GHSA: Gitea Exposes Private Email Addresses (2022-02-15)
OSV: Gitea Exposes Private Email Addresses (2022-02-15)