Gitea Access Token Scope Mismanagement Vulnerability

Vulnerability

Gitea versions prior to 1.22.3 do not correctly enforce the restriction of an API token whose scope limits it to public resources (Gitea's `public-only` scope). A request authenticated with such a token could still reach private resources, so the scope did not provide the isolation it was meant to.

Impact

Anyone holding a public-only token (for example a CI job or third-party integration that was issued a restricted token precisely so it could not see private data) can read private resources available to the token's owner, bypassing the intended restriction of the token's scope. On affected versions the public-only restriction should be treated as absent: the token is as powerful as its remaining scopes allow.

Remediation

Upgrade to Gitea 1.22.3 or later, which addresses this vulnerability. Downloads are available on the Gitea releases page. Until the upgrade is complete, review which public-only tokens exist on the instance and revoke any that were issued to parties who must not see private data.
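The following check is an added example, not Gitea project code or code from this advisory. It reads the instance version from `GET /api/v1/version`, compares it against the fixed release, and probes a repository that is known to be private using a token created with the `public-only` scope. Assumed, because the advisory does not state them: the standard Gitea API paths under `/api/v1`, the scope name `public-only`, and that a denied request for a hidden private repository comes back as 403 or 404. The transport is injectable so the decision logic can be exercised offline against constructed responses.

```python
"""Check a Gitea instance for the public-only token scope bypass fixed in 1.22.3.

Added example, not Gitea's own code. Assumptions (not stated in the advisory):
the instance serves the standard Gitea API under /api/v1, the restricting scope is
named "public-only", and a private repository hidden from a caller yields 403/404.
"""
import json
import re
import urllib.error
import urllib.request

FIXED_VERSION = (1, 22, 3)  # first release with the fix, per the advisory


def parse_version(version):
    """Turn a Gitea version string ("1.22.2", "1.23.0+dev-12-gabcdef0") into a tuple.

    Only the leading numeric components are compared; a pre-release such as
    "1.22.3-rc1" is treated as 1.22.3, so check the exact build if you run one.
    """
    m = re.match(r"(\d+)\.(\d+)\.(\d+)", version)
    if not m:
        raise ValueError(f"unrecognised Gitea version string: {version!r}")
    return tuple(int(x) for x in m.groups())


def is_affected_version(version):
    """True when the version reported by GET /api/v1/version predates 1.22.3."""
    return parse_version(version) < FIXED_VERSION


def http_fetch(url, token):
    """Real transport: GET url with 'Authorization: token ...'; returns (status, body)."""
    req = urllib.request.Request(url, headers={"Authorization": f"token {token}"})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read().decode()
    except urllib.error.HTTPError as e:
        return e.code, e.read().decode()


def classify(status, body):
    """Interpret the response to GET /api/v1/repos/{owner}/{repo} made with a
    public-only token against a repository that is known to be private."""
    if status in (403, 404):
        return "not_vulnerable"   # private repo stays hidden from the restricted token
    if status == 401:
        return "inconclusive"     # token rejected outright; nothing learned about scope
    if status == 200:
        try:
            repo = json.loads(body)
        except ValueError:
            return "inconclusive"
        if repo.get("private") is True:
            return "vulnerable"   # the restricted token read private repository data
        return "inconclusive"     # the repo is actually public; pick a private one
    return "inconclusive"


def probe(base_url, token, owner, repo, fetch=http_fetch):
    """Probe one private repository with a public-only token and classify the result.

    `fetch` defaults to the real HTTP transport; pass a callable returning
    (status, body) to run the logic without a live server.
    """
    url = f"{base_url.rstrip('/')}/api/v1/repos/{owner}/{repo}"
    status, body = fetch(url, token)
    return classify(status, body)


if __name__ == "__main__":
    # Constructed sample responses, not captured from a real server.
    print(classify(200, json.dumps({"name": "secrets", "private": True})))  # vulnerable
    print(classify(404, "{}"))                                              # not_vulnerable
    print(is_affected_version("1.22.2"))                                    # True
    print(is_affected_version("1.22.3"))                                    # False
```

To run it against a live instance, create a token that carries `public-only` together with a read scope such as `read:repository` (the exact scope set is an assumption about your instance's configuration), then call `probe("https://gitea.example", token, "owner", "private-repo")` for a repository you know is private; `vulnerable` means the public-only restriction is not being enforced, and `inconclusive` means the probe itself was not set up correctly rather than that the instance is safe.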

Added: Dec 26, 2025, 3:18 AM
Updated: Dec 26, 2025, 3:18 AM

Vulnerability Rating

Custom Algorithm
spread: 7.6
impact: 2.5
exploitability: 7.6
remediation: 7.7
relevance: 1.7
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.