GHSA-393c-qgvj-3xph

Опубликовано: 23 янв. 2026

Источник: github

Github: Прошло ревью

CVSS4: 5.3

Описание

Gitea does not properly validate repository ownership when deleting Git LFS locks

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories.

Ссылки

Пакеты

Наименование

github.com/go-gitea/gitea

Затронутые версииВерсия исправления

< 1.25.4

1.25.4

EPSS

Процентиль: 11%

0.00038

Низкий

5.3 Medium

CVSS4

CVE ID

CVE-2026-20897

Дефекты

CWE-284

Связанные уязвимости

CVE-2026-20897

CVSS3: 9.1

nvd

15 дней назад

Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories.

CVE-2026-20897

CVSS3: 9.1

debian

15 дней назад

Gitea does not properly validate repository ownership when deleting Gi ...

EPSS

Процентиль: 11%

0.00038

Низкий

5.3 Medium

CVSS4

CVE ID

CVE-2026-20897

Дефекты

CWE-284