4 matches found
Information Exposure
Gitea is vulnerable to Information Exposure. The vulnerability is due to missing reqRepoReaderunit.TypeCode authorization checks on the issuetemplates, issueconfig, and issueconfig/validate API endpoints, which allows an attacker to access and retrieve repository issue template and configuration...
GHSA-3FWP-P5RJ-2PXF Gitea: Missing repository-unit authorization on issue-template API endpoints
Summary Three Gitea API endpoints — GET /repos/owner/repo/issuetemplates, GET /repos/owner/repo/issueconfig and GET /repos/owner/repo/issueconfig/validate — read files from the repository's Code default branch .gitea/ISSUETEMPLATE/ and issueconfig.yaml and return their contents, but are registere...
CVE-2018-4342
A configuration issue was addressed with additional restrictions. This issue affected versions prior to macOS Mojave 10.14.1...
SUSE-SU-2016:0954-1 Security update for quagga
This update for quagga fixes one security issue: - bsc770619: Disallow unprivileged users to enter config directory /etc/quagga group: quagga, mode: 750 and read configuration files installed there group: quagga, mode: 640...