FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gitea -- information disclosure

Affected packages
gitea < 1.20.3

Details

VuXML ID 36a37c92-44b1-11ee-b091-6162c1274384
Discovery 2023-06-06
Entry 2023-08-27

The Gitea team reports:

Fix API leaking Usermail if not logged in

The API should only return the real Mail of a User, if the caller is logged in. The check do to this don't work. This PR fixes this. This not really a security issue, but can lead to Spam.

References

URL https://blog.gitea.com/release-of-1.20.3
URL https://github.com/go-gitea/gitea/releases/tag/v1.20.3