3 matches found
Gitea: Missing repository-unit authorization on issue-template API endpoints
Summary Three Gitea API endpoints — GET /repos/owner/repo/issuetemplates, GET /repos/owner/repo/issueconfig and GET /repos/owner/repo/issueconfig/validate — read files from the repository's Code default branch .gitea/ISSUETEMPLATE/ and issueconfig.yaml and return their contents, but are registere...
Missing Authorization
Overview Affected versions of this package are vulnerable to Missing Authorization in the GetIssueTemplates, GetIssueConfig, and ValidateIssueConfig API endpoints, which lack proper authorization checks. An attacker can access sensitive configuration files from the Code default branch of a privat...
PT-2026-50137
Name of the Vulnerable Software and Affected Versions Gitea affected versions not specified Description An authorization bypass exists in three API endpoints that allow users to read specific files from a private repository's default branch even if they lack the required Code unit permissions. Th...