CVE-2026-20883
Published
CVSS v3
6.5
MEDIUM
CVSS v2
N/A
Affected
1
PROJECT
Description
Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches.
Git with a cup of tea! Painless self-hosted all-in-one software development service, including Git hosting, code review, team collaboration, package registry and CI/CD
GitHub