CVE-2026-20897

Опубликовано: 22 янв. 2026

Источник: debian

Описание

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
gitea	removed			package

Связанные уязвимости

CVE-2026-20897

CVSS3: 9.1

redhat

2 месяца назад

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories.

CVE-2026-20897

CVSS3: 9.1

nvd

2 месяца назад

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories.

ROS-20260224-73-0030

CVSS3: 9.1

redos

около 1 месяца назад

Уязвимость gitea

GHSA-393c-qgvj-3xph

github

2 месяца назад

Gitea does not properly validate repository ownership when deleting Git LFS locks