109 matches found
Forgejo Security Breach
Forgejo is a lightweight git service. A security vulnerability exists in Forgejo versions prior to 1.20.5-1. A remote attacker could exploit this vulnerability to test the existence of a private user account by appending .rss or other extensions to a URL...
Forgejo Security Breach
Forgejo is a lightweight git service. A security vulnerability exists in Forgejo versions prior to 1.20.5-1. A remote attacker can use this vulnerability to read private issues, read private pull requests, delete issues, and perform other unauthorized actions...
CVE-2023-49946
In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions...
CVE-2023-49948
Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss or another extension to a URL...
PT-2023-31419 · Forgejo · Forgejo
Name of the Vulnerable Software and Affected Versions: Forgejo versions prior to 1.20.5-1 Description: The issue allows remote attackers to test for the existence of private user accounts by appending .rss or another extension to a URL. Recommendations: For versions prior to 1.20.5-1, update to...
PT-2023-31417 · Forgejo · Forgejo
Name of the Vulnerable Software and Affected Versions: Forgejo versions prior to 1.20.5-1 Description: The issue allows remote attackers to perform unauthorized actions due to certain endpoints not checking whether an object belongs to a repository for which permissions are being checked. This...
Incorrect Permission Assignment for Critical Resource
In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions...
Exposure of Sensitive Information to an Unauthorized Actor
Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss or another extension to a URL...
CVE-2023-49948
Forgejo before 1.20.5-1 is vulnerable to Information Disclosure: an attacker can determine the existence of private user accounts by appending a URL extension such as .rss, due to a lack of appropriate view-permission checks in the UsernameSubRoute/home.go path. The issue affects Forgejo releases...