Gitea Vulnerability Exposes Private Container Images
A Gitea vulnerability lets unauthenticated users pull private container images. Learn how it works, what's at risk, and how to protect your registry now.
Gitea Authentication Bypass Leaks Private Container Images
A vulnerability in Gitea allows unauthenticated users to pull private container images from its built-in package registry. No credentials required. If your team is self-hosting Gitea and using it as a container registry, your private images may already be accessible to anyone who knows where to look.
The flaw sits in the access control on Gitea's OCI Distribution-compatible container registry, which Gitea serves under the /v2/ path of the instance. Gitea added package registry support, including container image hosting, in version 1.17, and that feature set is where this access control failure lives. An attacker can send unauthenticated HTTP requests to the registry API and receive valid image manifests and layer blobs in response, effectively pulling images as if they held legitimate credentials.
How the Authentication Bypass Works
The registry endpoint does not enforce its authorization check consistently across all request paths. A standard Docker or OCI client follows the Distribution token flow: it requests a resource under /v2/, the registry answers 401 with a WWW-Authenticate: Bearer header that names a token realm (in Gitea, the /v2/token endpoint), the client presents its credentials to that realm to obtain a bearer token, then retries the original request with an Authorization: Bearer header. In this case, certain request paths skip the token validation step entirely. A client that sends no Authorization header at all still receives a 200 response carrying the manifest or blob.
This is not a misconfiguration issue on the user side. The default Gitea setup is affected. Administrators who believed private repositories meant private images were operating on a reasonable assumption that turned out to be wrong.
What Developers and Teams Are Actually Risking
Private container images are rarely empty. They tend to contain compiled application code, internal tooling, hardcoded configuration references, base images with proprietary modifications, and occasionally secrets that slipped in at build time (a COPY of an .env file, a build ARG that lands in the image config, a credential deleted in a later layer but still present in the earlier one, since layers are immutable). Exposing them publicly removes a layer of security by obscurity that many teams rely on without realizing it.
Beyond intellectual property, the risk extends to supply chain attacks. If an attacker can pull your private base images, they can unpack the layers and image config, enumerate the installed packages and their exact versions, identify outdated ones, and target those specific versions in downstream attacks against your users or infrastructure.
Teams running Gitea on internal networks with no external exposure have a lower immediate risk. But anyone with a publicly accessible Gitea instance and a container registry in use should treat this as urgent.
Protecting Your Gitea Container Registry
Patch immediately if an update is available for your Gitea version. Check the Gitea releases page for security fixes addressing registry authentication.
If a patch is not yet available or you cannot update immediately, consider these mitigations:
- Network-level restriction: Place your Gitea instance behind a firewall or VPN and block public access to the registry endpoints (everything under /v2/).
- Reverse proxy rules: Use nginx or Caddy to restrict or require authentication for all /v2/ requests at the proxy layer until the underlying bug is fixed.
- Audit pull logs: Review your registry access logs for unexpected unauthenticated requests to /v2/.../manifests/... and /v2/.../blobs/... to determine whether exploitation has already occurred. A pull fetches the manifest first and then each layer blob by digest, so a manifest request followed by a burst of blob requests from an unfamiliar client is the pattern to look for.
- Rotate any secrets: If your images contain environment variables, tokens, or configuration values, rotate those credentials now regardless of whether you confirm a breach.
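The following nginx configuration is an added example covering the network-restriction, reverse-proxy and audit-log mitigations above; it is not configuration from the original page or from the Gitea project. It assumes Gitea listens on 127.0.0.1:3000 behind nginx, that the trusted networks are 10.0.0.0/8 and 192.168.0.0/16, and that the log file path and the `$auth_present` variable name are ours. It allow-lists the whole /v2/ prefix (which includes Gitea's /v2/token endpoint) rather than adding proxy-level Basic auth, because Gitea's /v2/token endpoint validates Basic credentials itself, so a second credential set at the proxy would either be forwarded to Gitea and rejected, or have to be stripped, leaving Gitea with anonymous requests. The `map` records only whether an Authorization header was present, never its value, so the audit log does not become a credential store.

```nginx
# Inside the http { } context: flag anonymous registry requests without logging credentials.
map $http_authorization $auth_present {
    default "auth";
    ""      "anon";
}

log_format registry '$remote_addr $auth_present "$request" $status $body_bytes_sent "$http_user_agent"';

upstream gitea {
    server 127.0.0.1:3000;   # assumed Gitea HTTP listener
}

server {
    listen 443 ssl;
    server_name gitea.example.com;   # assumed hostname
    # ssl_certificate / ssl_certificate_key as in your existing config

    client_max_body_size 0;          # image layers can be large

    # Everything under /v2/ is the OCI registry API, including /v2/token.
    location /v2/ {
        allow 10.0.0.0/8;            # assumed build farm / office ranges
        allow 192.168.0.0/16;
        deny  all;                   # anonymous internet clients get 403 here and never reach Gitea

        access_log /var/log/nginx/gitea-registry.log registry;

        proxy_pass               http://gitea;
        proxy_set_header         Host              $host;
        proxy_set_header         X-Real-IP         $remote_addr;
        proxy_set_header         X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header         X-Forwarded-Proto $scheme;
        proxy_request_buffering  off;   # stream layer uploads instead of buffering to disk
    }

    location / {
        proxy_pass         http://gitea;
        proxy_set_header   Host              $host;
        proxy_set_header   X-Real-IP         $remote_addr;
        proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
        proxy_set_header   X-Forwarded-Proto $scheme;
    }
}
```

Two caveats when reusing this: `allow`/`deny` evaluate the address of the immediate TCP peer, so if another proxy or CDN sits in front of nginx you must configure the real_ip module (set_real_ip_from / real_ip_header) or the rules will match the upstream proxy rather than the client; and after applying it, run `nginx -t` and then confirm from an untrusted address that a GET on /v2/ returns 403 from nginx before assuming the registry is covered. Lines in gitea-registry.log tagged `anon` with status 200 on a manifests or blobs path are the exploitation evidence the audit bullet asks you to look for.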
Running an automated scan against your Gitea instance can surface exposed endpoints you might not be monitoring. Run a free scan at /scan to check for authentication issues on your registry and other web-facing services.
How to Check If Your Instance Is Vulnerable
You can test manually by sending a request to https://your-gitea-host/v2/<owner>/<image>/manifests/<tag> without any Authorization header, for example with `curl -si -H 'Accept: application/vnd.oci.image.manifest.v1+json' <url>`. Use curl rather than `docker pull`, because a Docker client on a machine where you have run `docker login` will silently attach the stored credentials and mask the problem. Pick an image you expect to be private; Gitea derives package visibility from the owning user or organization, so a package linked to a private repository under a public owner is not the right test subject. If you receive a 200 with a JSON manifest back instead of a 401 (normally carrying a WWW-Authenticate: Bearer challenge pointing at /v2/token) or a 403, you are affected. A 404 means the image or tag does not exist or the private package is being hidden as not-found; it is not evidence of exposure.
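The probe below is an added example, written for this article and not code from the original page or from the Gitea project. It sends the anonymous manifest request described above, parses the reply the way the token flow from the "How the Authentication Bypass Works" section predicts (a 200 manifest means the check was skipped; a 401 with a Bearer challenge naming a realm such as Gitea's /v2/token means it was enforced), and returns a verdict. The hostname, owner, image and tag are whatever you pass on the command line; the `$auth_present`-style verdict strings, the function names and the injectable `fetch` parameter are this example's own choices, the latter so the classification logic can be exercised offline against constructed responses.

```python
"""Anonymous manifest probe for a Gitea container registry (added example).

A correctly enforcing registry answers an unauthenticated manifest request
with 401 and a WWW-Authenticate: Bearer challenge; a 200 with a manifest
body means the image is readable without credentials.
"""
import json
import re
import sys
import urllib.error
import urllib.request

# Manifest media types a normal OCI/Docker client advertises.
ACCEPT = ", ".join([
    "application/vnd.oci.image.manifest.v1+json",
    "application/vnd.oci.image.index.v1+json",
    "application/vnd.docker.distribution.manifest.v2+json",
    "application/vnd.docker.distribution.manifest.list.v2+json",
])


def manifest_url(base_url, owner, image, tag):
    """Build the /v2/<owner>/<image>/manifests/<tag> URL from the article."""
    return f"{base_url.rstrip('/')}/v2/{owner}/{image}/manifests/{tag}"


def fetch_anonymous(url):
    """GET the URL with no Authorization header; return (status, headers, body)."""
    req = urllib.request.Request(
        url, headers={"Accept": ACCEPT, "User-Agent": "gitea-registry-authcheck"})
    try:
        with urllib.request.urlopen(req, timeout=15) as resp:
            return resp.status, dict(resp.headers.items()), resp.read()
    except urllib.error.HTTPError as err:
        # 401/403/404 land here; the challenge header is on err.headers.
        return err.code, dict(err.headers.items()), err.read()


def parse_bearer_challenge(value):
    """Parse 'Bearer realm="...",service="...",scope="..."' into a dict.

    Values are matched as quoted strings, so a scope such as
    repository:acme/app:pull,push is not split on its comma.
    """
    scheme, _, params = value.partition(" ")
    if scheme.lower() != "bearer":
        return {}
    return {k.lower(): v for k, v in re.findall(r'(\w+)="([^"]*)"', params)}


def classify(status, headers, body):
    """Map an anonymous manifest response to (verdict, detail)."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    if status == 200:
        try:
            doc = json.loads(body)
        except ValueError:
            return "EXPOSED", "200 with a non-JSON body"
        refs = doc.get("layers") or doc.get("manifests") or []
        digest = hdrs.get("docker-content-digest", "unknown digest")
        return "EXPOSED", (f"manifest {digest} served without credentials "
                           f"({len(refs)} layer/manifest references)")
    if status == 401:
        chal = parse_bearer_challenge(hdrs.get("www-authenticate", ""))
        if chal.get("realm"):
            return "ENFORCED", f"401 with Bearer challenge, realm={chal['realm']}"
        return "ENFORCED", "401 without a usable Bearer challenge"
    if status == 403:
        return "ENFORCED", "403: authenticated access required"
    if status == 404:
        return "NOT_FOUND", "404: image/tag missing, or private package hidden as not-found"
    return "UNKNOWN", f"unexpected status {status}"


def check_image(base_url, owner, image, tag, fetch=fetch_anonymous):
    """Probe one image. `fetch` is injectable so the logic can run offline."""
    status, headers, body = fetch(manifest_url(base_url, owner, image, tag))
    return classify(status, headers, body)


if __name__ == "__main__":
    if len(sys.argv) != 5:
        sys.exit(f"usage: {sys.argv[0]} https://gitea.example.com OWNER IMAGE TAG")
    verdict, detail = check_image(*sys.argv[1:5])
    print(f"{verdict}: {detail}")
    sys.exit(1 if verdict == "EXPOSED" else 0)
```

Run it from a network and account that should have no access, against an image whose owner is private; an EXPOSED exit status is the signal to apply the mitigations above. The NOT_FOUND verdict is deliberately separate from ENFORCED so that a typo in the image name is not mistaken for a secured registry.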
Is this vulnerability actively being exploited in the wild? There are no confirmed public reports of mass exploitation yet, but the attack requires minimal skill and no authentication, which means the window between disclosure and active scanning by opportunistic attackers is short.
Does this affect Gitea Cloud or only self-hosted instances? Self-hosted instances are the primary concern. If you manage your own Gitea deployment with the package registry feature enabled, you need to act now.
Do private Git repositories also leak through this vulnerability? Current reports are specific to the container registry endpoints. Standard Git repository access does not appear to be affected by the same bypass, but keep your Gitea instance patched regardless.
Check your Gitea instance and other web services for authentication vulnerabilities now at VibeWShield /scan.