Description
Gitea has improper access control for uploaded attachments
Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different repository they can access.
Packages
Name: code.gitea.io/gitea (go)
Affected versions: < 1.25.4
Fixed version: 1.25.4
Related vulnerabilities
CVSS3: 7.5
nvd
16 days ago
Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different repository they can access.
CVSS3: 7.5
debian
16 days ago
Gitea does not properly verify repository context when deleting attach ...