CVE-2025-68944

MEDIUM

Gitea <1.22.2 - Info Disclosure

Title source: llm

Description

Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.

References (3)

Scores

CVSS v3 5.0
EPSS 0.0001
EPSS Percentile 1.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Classification

CWE
CWE-441
Status published

Affected Products (2)

gitea/gitea < 1.22.2
code.gitea.io/gitea < 1.22.2Go

Timeline

Published Dec 26, 2025
Tracked Since Feb 18, 2026