First published: Mon Oct 08 2018
Gitea versions prior to 1.5.1 contain a CWE-200 vulnerability that can result in exposure of users' private email addresses. The attack appears to be exploitable by watching a repository to receive email notifications: the emails received contain the other recipients, even if those recipients have their email set as private. This vulnerability appears to have been fixed in 1.5.1.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
go/github.com/go-gitea/gitea | <1.5.1 | 1.5.1 |
Gitea Gitea | <1.5.1 | |
The vulnerability ID for this vulnerability is CVE-2018-1000803.
The severity of CVE-2018-1000803 is medium with a CVSS score of 5.3.
The CWE ID for this vulnerability is CWE-200.
This vulnerability can be exploited by watching a repository to receive email notifications, which exposes users' private email addresses.
You can mitigate CVE-2018-1000803 by updating Gitea to version 1.5.1 or later.
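To confirm after upgrading that notification mail no longer shows the behaviour described above, the headers of a received message can be checked for other users' private addresses. The Go program below is an added example, not Gitea code; the function name `leakedAddresses`, the sample messages and the `example.test` addresses are constructed for illustration.

```go
package main

import (
	"fmt"
	"net/mail"
	"strings"
)

// Constructed sample messages (not real Gitea output).
const sharedMsg = "From: gitea@example.test\r\n" +
	"To: alice@example.test, Bob <bob@example.test>\r\n" +
	"Subject: [demo/repo] New issue\r\n\r\nbody\r\n"
const singleMsg = "From: gitea@example.test\r\n" +
	"To: alice@example.test\r\n" +
	"Subject: [demo/repo] New issue\r\n\r\nbody\r\n"

// leakedAddresses returns every To/Cc address in raw that is marked private
// (lower-case keys) and is not the mailbox that received the message.
func leakedAddresses(raw, receiver string, private map[string]bool) ([]string, error) {
	msg, err := mail.ReadMessage(strings.NewReader(raw))
	if err != nil {
		return nil, err
	}
	var leaked []string
	for _, h := range []string{"To", "Cc"} {
		addrs, err := msg.Header.AddressList(h)
		if err == mail.ErrHeaderNotPresent {
			continue // header absent: nothing to inspect
		}
		if err != nil {
			return nil, err
		}
		for _, a := range addrs {
			addr := strings.ToLower(a.Address)
			if private[addr] && !strings.EqualFold(addr, receiver) {
				leaked = append(leaked, addr)
			}
		}
	}
	return leaked, nil
}

func main() {
	private := map[string]bool{"bob@example.test": true} // assumed privacy settings
	for name, raw := range map[string]string{"shared": sharedMsg, "single": singleMsg} {
		leaked, err := leakedAddresses(raw, "alice@example.test", private)
		fmt.Println(name, leaked, err)
	}
}
```

A non-empty result for a message delivered to a test watcher account means a private address is still visible to other recipients.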