« All posts

Critical Auth Bypass in Gitea Docker Images Exposed

Learn about the critical authentication bypass in Gitea Docker images. Update promptly to enhance your security.

A critical authentication bypass in official Gitea Docker images allows attackers to impersonate any user, including administrators, without credentials. This vulnerability grants full control over source code and CI secrets. Users are urged to upgrade to Gitea 1.26.4 and configure trusted proxies properly to mitigate risks.