CVE-2019-1000002

Опубликовано: 04 фев. 2019

Источник: nvd

CVSS3: 6.5

CVSS2: 5.5

EPSS Низкий

Описание

Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to "any" repository including self-created ones.. This vulnerability appears to have been fixed in 1.6.3, 1.7.0-rc2.

Ссылки

https://github.com/go-gitea/gitea/pull/5631
Patch
Third Party Advisory
https://github.com/go-gitea/gitea/pull/5631
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:*

Версия до 1.6.2 (включая)

EPSS

Процентиль: 52%

0.0029

Низкий

6.5 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo

Связанные уязвимости

CVE-2019-1000002

CVSS3: 6.5

debian

около 7 лет назад

Gitea version 1.6.2 and earlier contains a Incorrect Access Control vu ...

GHSA-j99q-rwp6-498g

CVSS3: 6.5

github

больше 3 лет назад

Gitea Arbitrary File Delete Vulnerability

EPSS

Процентиль: 52%

0.0029

Низкий

6.5 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

NVD-CWE-noinfo