Description
Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different public repository, making it accessible to unauthorized users.
References
- Release Notes
- Issue Tracking, Patch
- Issue Tracking, Patch
- Release Notes
- Broken Link
Vulnerable configurations
Configuration 1: versions before 1.25.4 (exclusive)
cpe:2.3:a:gitea:gitea:*:*:*:*:*:-:*:*
EPSS
Percentile: 11%
0.00038
Low
9.1 Critical
CVSS3
Weaknesses
CWE-284
Related vulnerabilities
CVSS3: 9.1
debian
16 days ago
Gitea does not properly validate repository ownership when linking att ...
github
16 days ago
Gitea does not properly validate repository ownership when linking attachments to releases