Gitea, Exposure of Insecure SSH Algorithms, GHSA-3M6Q-H5GJ-7MRW (Moderate)

Listen to this Post

The vulnerability stems from Gitea’s built-in SSH server, which, by default, advertises outdated cryptographic algorithms that have been deprecated or are considered weak by modern security standards. An attacker could exploit this by performing a `ssh-audit` scan against a default Gitea deployment. The audit typically flags the following as failing due to their weak or broken nature: ecdh-sha2-nistp256, ecdh-sha2-nistp384, and `ecdh-sha2-nistp521` for key exchange; `hmac-sha1` for message authentication; and `ssh-rsa` for host key. The exposure of these algorithms allows an attacker to potentially downgrade the security of an SSH session. This is because an attacker can negotiate the use of a weaker, compromised algorithm, making it feasible to perform a Man-in-the-Middle (MitM) attack or decrypt intercepted SSH traffic. The primary risk is data integrity, as the broken MAC algorithm (hmac-sha1) could be used to tamper with data. The root cause is a lack of default “hardening,” forcing administrators to manually configure secure algorithms, a step most users neglect.

Daily CVE Form

Platform: Go
Version: < 1.25.0
Vulnerability : Exposure of Insecure Algorithms
Severity: Moderate
date: 22 Apr 2026

Prediction: Include expected Patch date.

Gitea v1.25.0

What Undercode Say:

Clone the Gitea repository
git clone https://github.com/go-gitea/gitea.git
Run an SSH security audit against the default Gitea deployment
docker run -it --rm positronsecurity/ssh-audit -p 2222 gitea.local

Exploit:

An attacker can exploit this issue without any authentication. They would identify a vulnerable Gitea instance by checking the SSH banner or performing a version scan. Then, they would conduct an SSH handshake, specifically negotiating the use of a deprecated algorithm like `hmac-sha1` or ecdh-sha2-nistp256. With the session using a weak algorithm, the attacker could launch a Man-in-the-Middle (MitM) attack to intercept, decrypt, or modify the data in transit.

Protection from this CVE:

  1. Upgrade Gitea: Update to Gitea version 1.25.0 or later, which includes the fix by default.
  2. Manually Harden Configuration: If immediate upgrading is not possible, add the following to the `[bash]` section of your app.ini:

`SSH_SERVER_KEY_EXCHANGES = curve25519-sha256, diffie-hellman-group14-sha256`

`SSH_SERVER_CIPHERS = [email protected], aes128-ctr`

`SSH_SERVER_MACS = [email protected], hmac-sha2-256`

(Note: This workaround will still leave the `ssh-rsa` host key algorithm exposed).

Impact:

  • Confidentiality: An attacker could potentially decrypt and read sensitive data transmitted over the SSH session, such as source code, configuration files, or CI/CD secrets.
  • Integrity: The attacker may be able to tamper with the data stream by using the vulnerable `hmac-sha1` algorithm to forge messages.
  • System Compromise: A successful MitM attack could allow an attacker to impersonate a legitimate server, leading to credential theft or the injection of malicious commands during a Git operation.
    This analysis is based on real data from the official GitHub Security Advisory database for this issue.

🎯Let’s Practice Exploiting & Learn Patching For Free:

Sources:

Reported By: github.com
Extra Source Hub:
Undercode

🔐JOIN OUR CYBER WORLD [ CVE News • HackMonitor • UndercodeNews ]

💬 Whatsapp | 💬 Telegram

📢 Follow DailyCVE & Stay Tuned:

𝕏 formerly Twitter 🐦 | @ Threads | 🔗 Linkedin Featured Image

Scroll to Top