Description
Gitea improperly exposes issue and pull request titles
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications.
Packages
Name: github.com/go-gitea/gitea (go)
Affected versions: < 1.25.4
Fixed version: 1.25.4
Related vulnerabilities
CVSS3: 6.5
nvd
16 days ago
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications.
CVSS3: 6.5
debian
16 days ago
Gitea's notification API does not re-validate repository access permis ...