Description
Gitea before 1.25.2 mishandles authorization for deletion of releases.
A flaw was found in Gitea. An incorrect authorization allows an authenticated user with minimal privileges to delete project releases, causing a loss of availability of project assets and distribution history.
Report
This issue only causes the deletion of project assets and distribution history, with no other security impact such as memory corruption or arbitrary code execution. Additionally, exploitation requires an authenticated account with minimal privileges, which limits the exposure of this issue. For these reasons, this vulnerability has been rated with a moderate severity.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Affected packages
| Platform | Package | State | Recommendation | Release |
|---|---|---|---|---|
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-cli-rhel8 | Fix deferred | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9 | Fix deferred | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-controller-rhel8 | Fix deferred | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9 | Fix deferred | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel8 | Fix deferred | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9 | Fix deferred | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel8 | Fix deferred | | |
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9 | Fix deferred | | |
Additional information
Status:
5.4 Medium
CVSS3
Related vulnerabilities
Gitea before 1.25.2 mishandles authorization for deletion of releases.
Gitea mishandles authorization for deletion of releases
A vulnerability in the Gitea Git repository management system, related to flaws in the authorization procedure, that allows an attacker to affect the availability of protected information
5.4 Medium
CVSS3