4 matches found
CVE-2026-27783
Gitea versions up to and including 1.26.1 do not enforce repository-unit authorization on issue-template API endpoints...
GO-2026-5081 Gitea: Missing repository-unit authorization on issue-template API endpoints in code.gitea.io/gitea
Gitea: Missing repository-unit authorization on issue-template API endpoints in code.gitea.io/gitea...
Missing Authorization
Overview: Affected versions of this package are vulnerable to Missing Authorization in the GetIssueTemplates, GetIssueConfig, and ValidateIssueConfig API endpoints, which lack proper authorization checks. An attacker can access sensitive configuration files from the Code default branch of a privat...
Gitea: Missing repository-unit authorization on issue-template API endpoints
Summary: Three Gitea API endpoints — GET /repos/{owner}/{repo}/issue_templates, GET /repos/{owner}/{repo}/issue_config and GET /repos/{owner}/{repo}/issue_config/validate — read files from the repository's Code default branch (.gitea/ISSUE_TEMPLATE/ and issue_config.yaml) and return their contents, but are registere...