CVE-2025-68944
published 2025-12-26CVE-2025-68944: Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.
PriorityP428medium5.3CVSS 3.1
AVNACLPRNUINSUCNILAN
EPSS
0.25%
16.6th percentile
Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| code.gitea.io | gitea | >= 0 < 1.22.2 | 1.22.2 |
| gitea | gitea | < 1.22.2 | 1.22.2 |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
vendor_redhat5.0MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea
osv·2025-12-30
CVE-2025-68944 Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea
Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea
Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries in code.gitea.io/gitea
OSV
Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries
osv·2025-12-26
CVE-2025-68944 [MEDIUM] Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries
Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries
Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.
GHSA
Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries
ghsa·2025-12-26
CVE-2025-68944 [MEDIUM] CWE-441 Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries
Gitea sometimes mishandles propagation of token scope for access control within one of its own package registries
Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.
Red Hat
gitea: Gitea: Access control bypass in package registries
vendor_redhat·2025-12-26·CVSS 5.0
CVE-2025-68944 [MEDIUM] CWE-441 gitea: Gitea: Access control bypass in package registries
gitea: Gitea: Access control bypass in package registries
Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.
A flaw was found in Gitea, a self-hosted Git service. This vulnerability allows an authenticated user to bypass access controls within its package registries. This occurs because the system improperly handles the propagation of token scope, which defines what actions a token is allowed to perform. As a result, an attacker could potentially make unauthorized changes to data or resources in the package registries.
Statement: This vulnerability is rated Moderate for Red Hat. An authenticated user could bypass access controls within Gitea's package registries due to improper token scope propagation. Thi
No detection rules found.
No public exploits indexed.
2025-12-26
Published