5 matches found
Distribution: stale blob access resurrection via repo-scoped redis descriptor cache invalidation
Summary: Distribution can restore read access in repo A after an explicit delete when storage.cache.blobdescriptor: redis and storage.delete.enabled: true are both enabled. The delete path clears the shared digest descriptor but leaves stale repo-scoped membership behind, so a later Stat or Get...
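The invalidation failure that summary describes, as an added toy model rather than distribution's own code: a shared digest-to-descriptor map sits beside a per-repository membership set, a delete that clears only the shared entry leaves the membership behind, and the next event that repopulates the shared descriptor hands repo A its read access back. The two-level layout, the "another repository links the same blob" repopulation path and the Ruby modelling are all assumptions made for the example.

```ruby
require 'set'

# Toy model of a two-level blob descriptor cache. Not distribution's code; the
# layout (shared digest map plus per-repo membership set) is an assumption.
Descriptor = Struct.new(:digest, :size, :media_type)

class BlobDescriptorCache
  def initialize
    @global = {}                                   # digest => Descriptor, shared by every repo
    @repo   = Hash.new { |h, k| h[k] = Set.new }   # repo name => digests that repo may read
  end

  # Record that `repo` links the blob described by `desc`.
  def set(repo, desc)
    @global[desc.digest] = desc
    @repo[repo] << desc.digest
  end

  # Repo-scoped Stat: membership first, then the shared descriptor.
  def stat(repo, digest)
    return nil unless @repo[repo].include?(digest)
    @global[digest]
  end

  # The flawed delete from the summary: the shared descriptor goes, the
  # repo-scoped membership entry stays.
  def delete_buggy(_repo, digest)
    @global.delete(digest)
  end

  # Corrected delete: invalidate the repo-scoped membership as well.
  def delete_fixed(repo, digest)
    @repo[repo].delete(digest)
    @global.delete(digest)
  end
end

# Constructed scenario. Returns [visible_to_repo_a_right_after_delete,
# visible_to_repo_a_after_repo_b_links_the_same_blob]. The repopulation by a
# second repository is an assumed trigger, chosen to keep the model offline.
def stale_access(fixed:)
  cache = BlobDescriptorCache.new
  blob  = Descriptor.new('sha256:0123abcd', 1024, 'application/octet-stream')

  cache.set('repo-a', blob)
  if fixed
    cache.delete_fixed('repo-a', blob.digest)
  else
    cache.delete_buggy('repo-a', blob.digest)
  end
  after_delete = !cache.stat('repo-a', blob.digest).nil?

  cache.set('repo-b', blob)                       # shared descriptor is repopulated
  after_repush = !cache.stat('repo-a', blob.digest).nil?

  [after_delete, after_repush]
end
```

With the buggy delete the blob is briefly invisible to repo A (the shared descriptor is gone) and then reappears the moment anything writes that digest back, which is exactly the "resurrection" the advisory names; with the fixed delete repo A stays locked out while repo B is unaffected.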
SUSE CVE-2026-25120
Gogs is an open source self-hosted Git service. In versions 0.13.4 and below, the DeleteComment API does not verify that the comment belongs to the repository specified in the URL. This allows a repository administrator to delete comments from any other repository by supplying arbitrary comment...
CVE-2022-40309
Users with write permissions to a repository can delete arbitrary directories...
GitLab: Insufficient Type Check leading to Developer ability to delete Project, Repository, Group, ...
Summary: Similar bug to 858671, but this time with the annotations mutation: DeleteAnnotation in app/graphql/mutations/metrics/dashboard/annotations/base.rb (module Mutations::Metrics::Dashboard::Annotations, class Base) ... clientMutationId 3. Project disappears along with Repository...
GitLab: Insufficient Type Check on GraphQL leading to Maintainer delete repository
Summary: As you may know, a Maintainer cannot delete/archive a repository. But via GraphQL they can, as there is an insufficient check on the GraphQL API in app/graphql/mutations/snippets/destroy.rb: def resolve(id:) snippet = authorized_find!(id: id) response = ::Snippets::DestroyService.new(current_user...
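The two GitLab reports above and the Gogs entry (CVE-2026-25120) share one shape: the target is resolved from an identifier the caller controls, and the permission check is then run against the wrong thing, either the repository named in the URL instead of the one the record belongs to, or a global id whose type was never checked, so a looser per-type rule is applied to a more sensitive object. The following is an added Ruby illustration of both patterns beside a hardened version; it is not code from Gogs or GitLab, and the Record/Store model, the role names and the "Type/id" global-id format are hypothetical stand-ins.

```ruby
# Hypothetical record with a type tag baked into its global id, the way a
# GraphQL GID carries the model name. Not GitLab's or Gogs's code.
Record = Struct.new(:type, :id, :repo) do
  def gid
    "#{type}/#{id}"
  end
end

class Store
  def initialize
    @records = {}   # gid => Record
    @roles   = {}   # [user, repo] => role symbol
  end

  def add(record);            @records[record.gid] = record;  end
  def grant(user, repo, role); @roles[[user, repo]] = role;   end
  def role(user, repo);        @roles[[user, repo]];          end
  def find(gid);               @records[gid];                 end
  def delete(gid);             @records.delete(gid);          end
  def exists?(gid);            @records.key?(gid);            end
end

# Roles allowed to delete each record type (assumed policy): a Comment may be
# removed by a maintainer or owner of its repository, a Project only by an owner.
DELETE_ROLES = { 'Comment' => %i[maintainer owner], 'Project' => %i[owner] }.freeze

# Vulnerable pattern 1 (the Gogs DeleteComment report): the record is fetched
# by its id, but the role check runs against the repository in the URL rather
# than the repository the record actually belongs to.
def delete_url_scoped_vulnerable(store, user, url_repo, gid)
  record = store.find(gid)
  return :not_found unless record
  return :forbidden unless DELETE_ROLES['Comment'].include?(store.role(user, url_repo))
  store.delete(gid)
  :deleted
end

# Vulnerable pattern 2 (the GitLab "insufficient type check" reports): a
# delete-comment mutation that never verifies the type in the global id, so a
# Project gid passes through the comment-level rule and is destroyed by a
# maintainer who could never delete it through the project endpoint.
def delete_untyped_vulnerable(store, user, gid)
  record = store.find(gid)
  return :not_found unless record
  return :forbidden unless DELETE_ROLES['Comment'].include?(store.role(user, record.repo))
  store.delete(gid)
  :deleted
end

# Hardened: reject a gid of the wrong type, refuse records outside the URL
# context, and authorize against the record that is actually being deleted.
def delete_hardened(store, user, url_repo, gid, expected_type:)
  type, _id = gid.split('/', 2)
  return :not_found unless type == expected_type
  record = store.find(gid)
  return :not_found if record.nil? || record.repo != url_repo
  return :forbidden unless DELETE_ROLES[type].include?(store.role(user, record.repo))
  store.delete(gid)
  :deleted
end

# Constructed fixture: a comment in somebody else's repository, and a project
# whose maintainer must not be able to delete it.
def build_store
  store = Store.new
  store.add(Record.new('Comment', 7, 'victim-repo'))
  store.add(Record.new('Project', 1, 'proj'))
  store.grant('alice', 'my-repo', :owner)    # owner of an unrelated repository
  store.grant('bob', 'proj', :maintainer)    # maintainer, not owner, of proj
  store
end

# Returns [result, record_still_exists?] for the cross-repository case.
def cross_repo_delete(hardened:)
  store = build_store
  result = if hardened
             delete_hardened(store, 'alice', 'my-repo', 'Comment/7', expected_type: 'Comment')
           else
             delete_url_scoped_vulnerable(store, 'alice', 'my-repo', 'Comment/7')
           end
  [result, store.exists?('Comment/7')]
end

# Returns [result, record_still_exists?] for the type-confusion case.
def type_confused_delete(hardened:)
  store = build_store
  result = if hardened
             delete_hardened(store, 'bob', 'proj', 'Project/1', expected_type: 'Comment')
           else
             delete_untyped_vulnerable(store, 'bob', 'Project/1')
           end
  [result, store.exists?('Project/1')]
end
```

The hardened path answers a foreign or mistyped id with not-found rather than forbidden, so the endpoint also stops leaking whether an id exists in another repository; when the correct type is supplied, the role table for that type still applies, so a maintainer asking to delete a project is refused on role grounds.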