Gitea OpenID URI Visibility Toggle Vulnerability

Vulnerability

A vulnerability exists in Gitea that allows authenticated users to change the visibility of OpenID URIs belonging to other users. The issue arises because the application fails to adequately verify ownership when a user attempts to change the visibility setting of an OpenID identity.
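The missing ownership check described above, as an added example that is not Gitea's code: the record model, store and function names are hypothetical, and the data is constructed. It contrasts a toggle keyed on the record ID alone with one scoped to the session user.

```go
package main

import (
	"errors"
	"fmt"
)

// OpenIDRecord is a hypothetical model for this example, not Gitea's schema.
type OpenIDRecord struct {
	ID, UID int64 // UID is the owning user
	URI     string
	Show    bool // true = listed on the owner's public profile
}

var ErrNotFound = errors.New("openid record not found")

type Store map[int64]*OpenIDRecord

// ToggleUnchecked is the flawed pattern: it trusts the request-supplied record ID.
func (s Store) ToggleUnchecked(id int64) error {
	r, ok := s[id]
	if !ok {
		return ErrNotFound
	}
	r.Show = !r.Show
	return nil
}

// ToggleOwned scopes the lookup to the session user. A foreign record and a
// missing record return the same error, so the caller cannot probe for IDs.
func (s Store) ToggleOwned(actorUID, id int64) error {
	r, ok := s[id]
	if !ok || r.UID != actorUID {
		return ErrNotFound
	}
	r.Show = !r.Show
	return nil
}

// sampleStore returns constructed data: record 10 belongs to user 1.
func sampleStore() Store {
	return Store{10: {ID: 10, UID: 1, URI: "https://id.example/alice", Show: false}}
}

func main() {
	s := sampleStore()
	err := s.ToggleUnchecked(10) // request made by user 2: succeeds
	fmt.Println("unchecked:", err, "show =", s[10].Show)
	err = s.ToggleOwned(2, 10) // same request: rejected, record unchanged
	fmt.Println("owned:", err, "show =", s[10].Show)
}
```

In a SQL-backed handler the same scoping is a `WHERE id = ? AND uid = ?` condition on the update, with zero affected rows treated as not found.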

Impact

Exploitation of this vulnerability could lead to unauthorized changes in OpenID URI visibility, potentially allowing for misuse of OpenID identities.

Remediation

Users can upgrade to Gitea version 1.25.4 or later, where this vulnerability has been addressed.

Added: Jan 22, 2026, 10:19 PM
Updated: Jan 22, 2026, 10:19 PM

Vulnerability Rating

Custom Algorithm
spread: 7.6
impact: 1.3
exploitability: 5.0
remediation: 7.7
relevance: 2.3
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.