CVE-2018-1000803

MEDIUM

Gitea < 1.5.1 - Unauthorized Exposure of Private Email Addresses via Repository Watch Notifications

Title source: llm
STIX 2.1

Description

Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. This attack appear to be exploitable via Watch a repository to receive email notifications. Emails received contain the other recipients even if they have the email set as private. This vulnerability appears to have been fixed in 1.5.1.

References (2)

Core 2
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/go-gitea/gitea/pull/4664

Scores

CVSS v3 5.3
EPSS 0.0129
EPSS Percentile 66.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-200
Status published
Products (2)
gitea/gitea < 1.5.1
go-gitea/gitea 0 - 1.5.1Go
Published Oct 08, 2018
Tracked Since Feb 18, 2026