23 matches found
Improper Access Control.
code.gitea.io/gitea is vulnerable to improper access control. The vulnerability is due to inadequate enforcement of branch deletion permissions after merging a pull request, which allows an attacker to delete branches without proper authorization...
CVE-2026-25232 Gogs has a Protected Branch Deletion Bypass in Web Interface
Gogs is an open source self-hosted Git service. Versions 0.13.4 and below have an access control bypass vulnerability which allows any repository collaborator with Write permissions to delete protected branches including the default branch by sending a direct POST request, completely bypassing th...
PT-2026-20322
Name of the Vulnerable Software and Affected Versions Gogs versions 0.13.4 and below Description Gogs, an open-source self-hosted Git service, contains an access control bypass issue. Repository collaborators with Write permissions can delete protected branches, including the default branch, by...
SUSE CVE-2025-68940
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...
BIT-GITEA-2025-68940
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...
GO-2025-4267 Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea
Gitea doesn't adequately enforce branch deletion permissions after merging a pull request. in code.gitea.io/gitea...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade github.com/go-gitea/gitea/routers/web/repo to version 1.22.5 or...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade code.gitea.io/gitea/routers/api/v1/repo to version 1.22.5 or...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade github.com/go-gitea/gitea/services/repository to version 1.22.5...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization via inadequate enforcement of branch delete permissions after merging a pull request. An attacker can delete arbitrary branches. Remediation Upgrade code.gitea.io/gitea/services/repository to version 1.22.5 or...
Gitea doesn't adequately enforce branch deletion permissions after merging a pull request.
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...
GHSA-RRCW-5RJV-VJ26 Gitea doesn't adequately enforce branch deletion permissions after merging a pull request.
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...
CVE-2025-68940
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...
CVE-2025-68940
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...
EUVD-2025-205410
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...
CVE-2025-68940
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...
CVE-2025-68940
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request...
CVE-2025-68940
CVE-2025-68940 (Gitea) : Multiple connected sources confirm a vulnerability in Gitea up to version 1.22.4 where branch deletion permissions are not adequately enforced after merging a pull request. The issue affects the code paths governing branch deletion permissions and can allow improper branc...
Gitea 安全漏洞
Gitea is a lightweight Go-based git service developed by the Gitea community. A security vulnerability exists in Gitea versions prior to 1.22.5, which stems from insufficient execution of branch delete permissions after a merge pull request...
PT-2025-53437
Name of the Vulnerable Software and Affected Versions Gitea versions prior to 1.22.5 Description A permission enforcement issue exists in Gitea related to branch deletion after a pull request merge. Specifically, the system does not adequately enforce branch deletion permissions in these scenario...