Gitea version prior to version 1.5.1 contains a CWE-200 vulnerability that can result in Exposure of users private email addresses. This attack appear to be exploitable via Watch a repository to receive email notifications. Emails received contain the other recipients even if they have the email set as private. This vulnerability appears to have been fixed in 1.5.1.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| github.com/go-gitea/gitea(Go) | 0 | 1.5.1 | N/A |
CVSS Metrics
