Описание
Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches.
Ссылки
- Release Notes
- Issue TrackingPatch
- Issue TrackingPatch
- Release Notes
- Broken Link
Уязвимые конфигурации
Конфигурация 1Версия до 1.25.4 (исключая)
cpe:2.3:a:gitea:gitea:*:*:*:*:*:-:*:*
EPSS
Процентиль: 1%
0.00011
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 6.5
redhat
2 месяца назад
Gitea's stopwatch API does not re-validate repository access permissions. After a user's access to a private repository is revoked, they may still view issue titles and repository names through previously started stopwatches.
CVSS3: 6.5
debian
2 месяца назад
Gitea's stopwatch API does not re-validate repository access permissio ...
github
2 месяца назад
Gitea improperly exposes issue titles and repository names through previously started stopwatches
EPSS
Процентиль: 1%
0.00011
Низкий
6.5 Medium
CVSS3
Дефекты
CWE-284