GHSA-m5ch-ppfx-xv3vunknown

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly...

Published
July 3, 2026
Last Modified
July 3, 2026

🔗 CVE IDs covered (1)

📋 Description

Gitea versions before 1.25.5 do not persist the OAuth2 PKCE S256 challenge method correctly during authorization, allowing token exchange without the expected verifier check.

🔗 References (6)