17 matches found
PT-2026-6863
Vulnerability Description In the endpoint: /username/reponame/settings/hooks/git/:name the :name parameter: Is URL-decoded by macaron routing, allowing decoded slashes / Is then passed directly to: go git.Repository.Hook"custom hooks", name which internally resolves the path as: go...
CVE-2026-1699
In the Eclipse Theia Website repository, the GitHub Actions workflow .github/workflows/preview.yml used pullrequesttarget trigger while checking out and executing untrusted pull request code. This allowed any GitHub user to execute arbitrary code in the repository's CI environment with access to...
CVE-2026-20800
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications...
CVE-2026-20883
Gitea: CVE-2026-20883 involves the stopwatch API failing to re-validate repository permissions. After revocation, users may still access issue titles and repository names via ongoing stopwatches. Documented in OSV entries (GO-2026-4368, BIT-GITEA-2026-20883, GHSA/j8xr-c56q-m8jj) and vendor adviso...
CVE-2024-2440
A race condition in GitHub Enterprise Server allowed an existing admin to maintain permissions on a detached repository by making a GraphQL mutation to alter repository permissions while the repository is detached. This vulnerability affected all versions of GitHub Enterprise Server prior to 3.13...
CVE-2025-55191
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Versions between 2.1.0 and 2.14.19, 3.2.0-rc1, 3.1.0-rc1 through 3.1.7, and 3.0.0-rc1 through 3.0.18 contain a race condition in the repository credentials handler that can cause the Argo CD server to panic and crash when...
CVE-2025-4374 Quay: incorrect privilege assignment
A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository...
GitHub Enterprise Server Security Vulnerability
GitHub Enterprise Server is a U.S. GitHub open source application. Provides a platform for setting up your own GitHub instance as a virtual appliance, thus providing a scalable, easy-to-manage platform. A security vulnerability exists in GitHub Enterprise Server versions prior to 3.8.12, prior to...
Atlassian Bitbucket 6.4.x < 6.4.4 Multiple Vulnerabilities
According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is prior to 5.16.11, 6.0.x prior to 6.0.11, 6.1.x prior to 6.1.9, 6.2.x prior to 6.2.7, 6.3.x prior to 6.3.6, 6.4.x prior to 6.4.4, 6.5.x prior to 6.5.3, 6.6.x prior to 6.6.3, 6.7.x prior...
Atlassian Bitbucket 6.3.x < 6.3.6 Multiple Vulnerabilities
According to its self-reported version number, the Atlassian Bitbucket application running on the remote host is prior to 5.16.11, 6.0.x prior to 6.0.11, 6.1.x prior to 6.1.9, 6.2.x prior to 6.2.7, 6.3.x prior to 6.3.6, 6.4.x prior to 6.4.4, 6.5.x prior to 6.5.3, 6.6.x prior to 6.6.3, 6.7.x prior...
Changing public flag in Repository Permissions does not reflect on mirrors
h3. Issue Summary When Public flag is enabled/disabled for a mirrored repository, it doesn't sync on corresponding mirrors. h3. Steps to Reproduce Setup BbS Mirror and approve it on upstream. Create a repository in some project, let's say Project A, and set Public flag as Enabled in Repository...
Changing public flag in Repository Permissions does not reflect on mirrors
h3. Issue Summary When Public flag is enabled/disabled for a mirrored repository, it doesn't sync on corresponding mirrors. h3. Steps to Reproduce Setup BbS Mirror and approve it on upstream. Create a repository in some project, let's say Project A, and set Public flag as Enabled in Repository...
Authorization Bypass
borgbackup is vulnerable to authorization bypasses. The application does not properly enforce permissions over repository access, allowing a malicious user to have access to repositories on the server...
OpenText Documentum Content Server - Arbitrary File Download
OpenText Documentum Content Server - Arbitrary File Download !/usr/bin/env python Opentext Documentum Content Server formerly known as EMC Documentum Content Server contains following design gap, which allows authenticated user to download arbitrary content files regardless attacker's repository...
Opentext Documentum Content Server File Download Exploit
Opentext Documentum Content Server formerly known as EMC Documentum Content Server contains a design gap that allows authenticated user to download arbitrary content files regardless of the attacker's repository permissions. !/usr/bin/env python Opentext Documentum Content Server formerly known a...
Command injection
OpenText Documentum Content Server formerly EMC Documentum Content Server through 7.3 contains the following design gap, which allows authenticated users to download arbitrary content files regardless of the attacker's repository permissions: When an authenticated user uploads content to the...
Sukria backup manager weak repository permissions
Repository is world readable. Insecure temporary files creation...