Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2026-20909
PUBLISHED
More InfoOfficial Page
Assigner-Gitea
Assigner Org ID-88ee5874-cf24-4952-aea0-31affedb7ff2
View Known Exploited Vulnerability (KEV) details
Published At-03 Jul, 2026 | 20:19
Updated At-03 Jul, 2026 | 20:19
Rejected At-
▼CVE Numbering Authority (CNA)
Gitea tracked-time list endpoint has insufficient permission checks

Gitea versions before 1.25.5 have insufficient permission checks when listing tracked time entries.

Affected Products
Vendor
Gitea
Product
Gitea Open Source Git Server
Default Status
unaffected
Versions
Affected
  • From 0 before 1.25.5 (semver)
Problem Types
TypeCWE IDDescription
CWECWE-284CWE-284
Type: CWE
CWE ID: CWE-284
Description: CWE-284
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/go-gitea/gitea/pull/36662
patch
https://github.com/go-gitea/gitea/pull/36744
patch
https://github.com/go-gitea/gitea/releases/tag/v1.25.5
release-notes
https://blog.gitea.com/release-of-1.25.5/
release-notes
Hyperlink: https://github.com/go-gitea/gitea/pull/36662
Resource:
patch
Hyperlink: https://github.com/go-gitea/gitea/pull/36744
Resource:
patch
Hyperlink: https://github.com/go-gitea/gitea/releases/tag/v1.25.5
Resource:
release-notes
Hyperlink: https://blog.gitea.com/release-of-1.25.5/
Resource:
release-notes
Details not found