Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. This attack appear to be exploitable via Watch a repository to receive email notifications. Emails received contain the other recipients even if they have the email set as private. This vulnerability appears to have been fixed in 1.5.1.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2018-10-08T15:00:00Z
Updated: 2024-09-16T20:36:30.351Z
Reserved: 2018-10-08T00:00:00Z
Link: CVE-2018-1000803
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-10-08T15:29:00.367
Modified: 2024-11-21T03:40:23.330
Link: CVE-2018-1000803
Redhat
No data.