Описание
In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions.
Ссылки
- Not Applicable
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Not Applicable
- Not Applicable
- Release NotesVendor Advisory
- Release NotesVendor Advisory
- Not Applicable
Уязвимые конфигурации
Конфигурация 1Версия до 1.20.5-1 (исключая)
cpe:2.3:a:forgejo:forgejo:*:*:*:*:*:*:*:*
EPSS
Процентиль: 29%
0.00103
Низкий
9.1 Critical
CVSS3
Дефекты
CWE-732
Связанные уязвимости
CVSS3: 9.1
debian
около 2 лет назад
In Forgejo before 1.20.5-1, certain endpoints do not check whether an ...
CVSS3: 9.1
github
около 2 лет назад
In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions.
EPSS
Процентиль: 29%
0.00103
Низкий
9.1 Critical
CVSS3
Дефекты
CWE-732