Описание
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| gitea | removed | package |
EPSS
Процентиль: 1%
0.00011
Низкий
Связанные уязвимости
CVSS3: 4.3
redhat
2 месяца назад
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users.
CVSS3: 4.3
nvd
2 месяца назад
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface. A user with read access to pull requests may be able to cancel auto-merges scheduled by other users.
github
2 месяца назад
Gitea does not properly verify authorization when canceling scheduled auto-merges via the web interface
EPSS
Процентиль: 1%
0.00011
Низкий