CVE-2026-20897

Опубликовано: 22 янв. 2026

Источник: debian

Описание

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
gitea	removed			package

Связанные уязвимости

CVE-2026-20897

CVSS3: 9.1

nvd

16 дней назад

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories.

GHSA-393c-qgvj-3xph

github

16 дней назад

Gitea does not properly validate repository ownership when deleting Git LFS locks