Количество 2
Количество 2
CVE-2026-30943
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission (UserPermListOtherUploads) to delete another user's file by abusing the deleteNewFile flag, bypassing the requirement for UserPermDeleteOtherUploads. This vulnerability is fixed in 2.2.4.
GHSA-j6jp-78w8-34x6
Gokapi vulnerable to Privilege Escalation in File Replace
Уязвимостей на страницу
Уязвимость | CVSS | EPSS | Опубликовано | |
|---|---|---|---|---|
 | CVE-2026-30943 Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission (UserPermListOtherUploads) to delete another user's file by abusing the deleteNewFile flag, bypassing the requirement for UserPermDeleteOtherUploads. This vulnerability is fixed in 2.2.4. | CVSS3: 4.1 | 0% Низкий | 28 дней назад |
| GHSA-j6jp-78w8-34x6 Gokapi vulnerable to Privilege Escalation in File Replace | CVSS3: 4.1 | 0% Низкий | 29 дней назад |
Уязвимостей на страницу