Gitea Improper Project Ownership Validation Vulnerability in Organization Project Operations

Vulnerability

A vulnerability exists in Gitea's handling of project ownership during organization project operations. Users with project write access in one organization may inadvertently modify projects belonging to a different organization. This issue arises from inadequate validation of project ownership, allowing unauthorized changes to be made across organizational boundaries.
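The missing check described above, as an added example that is not Gitea's code: an unchecked update beside a version that ties the project to the organization the permission check covered. The `Project` type, both function names, the store and the sample data are hypothetical and constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// Project is a hypothetical type for illustration, not Gitea's own structure.
type Project struct {
	OwnerID int64 // organization that owns the project
	Title   string
}

var ErrNotFound = errors.New("project not found")

// sampleStore returns constructed data: project 1 belongs to org 10, project 2 to org 20.
func sampleStore() map[int64]*Project {
	return map[int64]*Project{
		1: {OwnerID: 10, Title: "org10 roadmap"},
		2: {OwnerID: 20, Title: "org20 roadmap"},
	}
}

// RenameUnchecked loads by ID alone. Write access was verified for ctxOrgID
// (the org in the request), but nothing ties the project to that org.
func RenameUnchecked(store map[int64]*Project, ctxOrgID, projectID int64, title string) error {
	p, ok := store[projectID]
	if !ok {
		return ErrNotFound
	}
	p.Title = title
	return nil
}

// RenameChecked rejects a project owned by another org, reporting it as not found.
func RenameChecked(store map[int64]*Project, ctxOrgID, projectID int64, title string) error {
	p, ok := store[projectID]
	if !ok || p.OwnerID != ctxOrgID {
		return ErrNotFound
	}
	p.Title = title
	return nil
}

func main() {
	a, b := sampleStore(), sampleStore()
	fmt.Println(RenameUnchecked(a, 10, 2, "changed"), a[2].Title)
	fmt.Println(RenameChecked(b, 10, 2, "changed"), b[2].Title)
}
```

A regression test for this class of bug asserts that a caller authorized for one organization gets a not-found result, and no state change, for a project ID owned by another.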

Impact

Exploitation of this vulnerability could lead to unauthorized modifications of projects in different organizations, potentially causing confusion or disruption in project management and collaboration.

Remediation

Users can upgrade to Gitea version 1.25.4 or later, where this vulnerability has been addressed. Instructions for downloading Gitea can be found on the Gitea releases page.

Added: Jan 22, 2026, 10:25 PM
Updated: Jan 22, 2026, 10:25 PM

Vulnerability Rating

Custom Algorithm

spread: 7.6
impact: 5.0
exploitability: 5.0
remediation: 7.7
relevance: 2.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.