Описание
Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different repository they can access.
Ссылки
- Release Notes
- Issue TrackingPatch
- Release Notes
- Broken Link
Уязвимые конфигурации
Конфигурация 1Версия до 1.25.4 (исключая)
cpe:2.3:a:gitea:gitea:*:*:*:*:*:-:*:*
EPSS
Процентиль: 2%
0.00012
Низкий
7.5 High
CVSS3
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 7.5
redhat
2 месяца назад
Gitea does not properly verify repository context when deleting attachments. A user who previously uploaded an attachment to a repository may be able to delete it after losing access to that repository by making the request through a different repository they can access.
CVSS3: 7.5
debian
2 месяца назад
Gitea does not properly verify repository context when deleting attach ...
EPSS
Процентиль: 2%
0.00012
Низкий
7.5 High
CVSS3
Дефекты
CWE-284