4 matches found
CVE-2023-49946
In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions...
CVE-2023-49946
creationtimestamp | type | source
---|---|---
2023-12-22 09:51:43+00:00 | seen | https://t.me/ctinow/158281...
CVE-2023-49946
In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions...
CVE-2023-49946
Summary: Forgejo prior to 1.20.5-1 is vulnerable to improper access control. The issue arises because certain endpoints do not verify whether an object belongs to a repository for which permissions are checked, allowing remote attackers to read private issues, read private pull requests, delete i...