Lucene search
K

109 matches found

CNNVD
CNNVD
added 2023/12/03 12:0 a.m.6 views

Forgejo Security Breach

Forgejo is a lightweight git service. A security vulnerability exists in Forgejo versions prior to 1.20.5-1. A remote attacker could exploit this vulnerability to test the existence of a private user account by appending .rss or other extensions to a URL...

5.3CVSS6.6AI score0.0081EPSS
Exploits0References3
CNNVD
CNNVD
added 2023/12/03 12:0 a.m.2 views

Forgejo Security Breach

Forgejo is a lightweight git service. A security vulnerability exists in Forgejo versions prior to 1.20.5-1. A remote attacker can use this vulnerability to read private issues, read private pull requests, delete issues, and perform other unauthorized actions...

9.1CVSS6.7AI score0.00867EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/12/03 12:0 a.m.23 views

CVE-2023-49946

In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions...

9.3AI score0.00867EPSS
Exploits0References4
Cvelist
Cvelist
added 2023/12/03 12:0 a.m.24 views

CVE-2023-49948

Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss or another extension to a URL...

5.5AI score0.0081EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2023/12/03 12:0 a.m.8 views

PT-2023-31419 · Forgejo · Forgejo

Name of the Vulnerable Software and Affected Versions: Forgejo versions prior to 1.20.5-1 Description: The issue allows remote attackers to test for the existence of private user accounts by appending .rss or another extension to a URL. Recommendations: For versions prior to 1.20.5-1, update to...

5.3CVSS5.2AI score0.0081EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2023/12/03 12:0 a.m.6 views

PT-2023-31417 · Forgejo · Forgejo

Name of the Vulnerable Software and Affected Versions: Forgejo versions prior to 1.20.5-1 Description: The issue allows remote attackers to perform unauthorized actions due to certain endpoints not checking whether an object belongs to a repository for which permissions are being checked. This...

9.1CVSS9.1AI score0.00867EPSS
Exploits0References8
GitLab Advisory Database
GitLab Advisory Database
added 2023/12/03 12:0 a.m.18 views

Incorrect Permission Assignment for Critical Resource

In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions...

9.1CVSS6.9AI score0.00867EPSS
Exploits0References5Affected Software1
GitLab Advisory Database
GitLab Advisory Database
added 2023/12/03 12:0 a.m.33 views

Exposure of Sensitive Information to an Unauthorized Actor

Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss or another extension to a URL...

5.3CVSS6.9AI score0.0081EPSS
Exploits0References4Affected Software1
CVE
CVE
added 2023/12/03 12:0 a.m.39 views

CVE-2023-49948

Forgejo before 1.20.5-1 is vulnerable to Information Disclosure: an attacker can determine the existence of private user accounts by appending a URL extension such as .rss, due to a lack of appropriate view-permission checks in the UsernameSubRoute/home.go path. The issue affects Forgejo releases...

5.3CVSS5.2AI score0.0081EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder