2 matches found
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the ToggleUserOpenIDVisibility function. An authenticated attacker can modify the visibility settings of other users' OpenID identities. Remediation Upgrade...
CVE-2026-20904
Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities...