2 matches found
SUSE CVE-2026-30943
Gokapi is a self-hosted file sharing server with automatic expiration and encryption support. Prior to 2.2.4, An insufficient authorization check in the file replace API allows a user with only list visibility permission UserPermListOtherUploads to delete another user's file by abusing the...
CVE-2026-30943
Gokapi prior to version 2.2.4 contains an insufficient authorization check in the file replace API. A user with only list visibility permission (UserPermListOtherUploads) could delete another user’s file by abusing the deleteNewFile flag, effectively escalating privileges. The issue is fixed in 2...