2 matches found
GHSA-744X-3838-5R56 Gogs Vulnerable to Unauthenticated Organization Teams Information Disclosure via API
Summary Gogs has an unauthenticated information disclosure vulnerability. The GET /api/v1/orgs/:orgname/teams endpoint at internal/route/api/v1/orgteam.go:8 returns all teams for any organization without requiring authentication. The route group at internal/route/api/v1/api.go:380-385 lacks the...
Incorrect Authorization
Overview Affected versions of this package are vulnerable to Incorrect Authorization through the certificate template batch deletion process. An attacker can remove certificate templates belonging to other teams by supplying arbitrary team identifiers and template IDs to the API endpoint...