3 matches found
GO-2026-5510 Gitea: Authorization Bypass via "Allow edits from maintainers" allows unauthorized commits to any readable repo in code.gitea.io/gitea
GHSA-MM7C-RHG6-QR4R Gitea: Authorization Bypass via "Allow edits from maintainers" allows unauthorized commits to any readable repo
Summary: Any authenticated low-privilege user with read access to a repository can push arbitrary commits directly to that repository, bypassing all write-access checks.
Vulnerability: Gitea's "Allow edits from maintainers" PR option can be abused via reverse-fork PRs: 1. The web UI PR-create...
PT-2026-50136
Name of the Vulnerable Software and Affected Versions: Gitea (affected versions not specified)
Description: An authorization bypass allows any authenticated low-privilege user with read access to a repository to push arbitrary commits directly to that repository, bypassing write-access checks. This...