5 matches found
GO-2026-4498 Gogs has a Protected Branch Deletion Bypass in Web Interface in gogs.io/gogs
Gogs has a Protected Branch Deletion Bypass in Web Interface in gogs.io/gogs. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability scanners, please...
GHSA-2C6V-8R3V-GH6P Gogs has a Protected Branch Deletion Bypass in Web Interface
Summary An access control bypass vulnerability in Gogs web interface allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing the branch protection mechanism. This vulnerability enabl...
UBUNTU-CVE-2023-5226
An issue has been discovered in GitLab affecting all versions before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. Under certain circumstances, a malicious actor bypass prohibited branch checks using a specially crafted branch name to...
Gitlab -- multiple vulnerabilities
Gitlab reports: Static passwords inadvertently set during OmniAuth-based registration Stored XSS in notes Stored XSS on Multi-word milestone reference Denial of service caused by a specially crafted RDoc file GitLab Pages access tokens can be reused on multiple domains GitLab Pages uses default...
Design/Logic Flaw
An issue has been discovered in GitLab EE affecting all versions starting from 10.2. Required CODEOWNERS approval could be bypassed by targeting a branch without the CODEOWNERS file. Affected versions are =10.2, =13.4, =13.5, 13.5.2...