CVE-2018-1000803

Published: Oct 8, 2018Modified: Nov 21, 2024

5.3

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitability: 3.9 / Impact: 1.4

Source: NVD

Description

Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. This attack appear to be exploitable via Watch a repository to receive email notifications. Emails received contain the other recipients even if they have the email set as private. This vulnerability appears to have been fixed in 1.5.1.

Affected (1)

Products: Gitea: Gitea

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gitea Gitea	Before 1.5.1

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://github.com/go-gitea/gitea/pull/4664

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/go-gitea/gitea/pull/4664/files#diff-146e0c2b5bb1ea96c9fb73d509456e57

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/go-gitea/gitea/pull/4664

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/go-gitea/gitea/pull/4664/files#diff-146e0c2b5bb1ea96c9fb73d509456e57

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

Timeline

No history available yet.