CVE-2018-1000803
MEDIUMGitea < 1.5.1 - Unauthorized Exposure of Private Email Addresses via Repository Watch Notifications
Title source: llmDescription
Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. This attack appear to be exploitable via Watch a repository to receive email notifications. Emails received contain the other recipients even if they have the email set as private. This vulnerability appears to have been fixed in 1.5.1.
References (2)
Core 2
Core References
Patch, Third Party Advisory x_refsource_confirm
https://github.com/go-gitea/gitea/pull/4664/files#diff-146e0c2b5bb1ea96c9fb73d509456e57
Patch, Third Party Advisory x_refsource_confirm
https://github.com/go-gitea/gitea/pull/4664
Scores
CVSS v3
5.3
EPSS
0.0129
EPSS Percentile
66.7%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (2)
gitea/gitea
< 1.5.1
go-gitea/gitea
0 - 1.5.1Go
Published
Oct 08, 2018
Tracked Since
Feb 18, 2026