Forgejo - Forgejo CVE

Filtered by vendor Forgejo Subscribe

Filtered by product Forgejo

ALL

NONE (0.0) LOW (0.1 - 3.9) MEDIUM (4.0 - 6.9) HIGH (7.0 - 8.9) CRITICAL (9.0 - 10.0)

Total 1 CVE

CVE	Vendors	Products	Updated	CVSS v2	CVSS v3
CVE-2023-49946	1 Forgejo	1 Forgejo	2023-12-07	N/A	9.1 CRITICAL
In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions.

Vulnerabilities (CVE)