Описание
Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization.
An access control flaw has been discovered in Gitea. Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Pipelines | openshift-pipelines/pipelines-opc-rhel9 | Not affected | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-cli-rhel8 | Not affected | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-cli-rhel9 | Not affected | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-controller-rhel8 | Not affected | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-controller-rhel9 | Not affected | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel8 | Not affected | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-watcher-rhel9 | Not affected | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel8 | Not affected | ||
| OpenShift Pipelines | openshift-pipelines/pipelines-pipelines-as-code-webhook-rhel9 | Not affected |
Показывать по
Ссылки на источники
Дополнительная информация
Статус:
9.1 Critical
CVSS3
Связанные уязвимости
Gitea does not properly validate project ownership in organization project operations. A user with project write access in one organization may be able to modify projects belonging to a different organization.
Gitea does not properly validate project ownership in organization pro ...
Gitea does not properly validate project ownership in organization project operations
Уязвимость системы управления Git-репозиториями Gitea, связанная с ошибками разграничения доступа, позволяющая нарушителю получить несанкционированный доступ к защищаемой информации
9.1 Critical
CVSS3