漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Notification API Leaks Private Repository Issue Titles After Collaborator Permission Revocation
Vulnerability Description
Gitea's notification API does not re-validate repository access permissions when returning notification details. After a user's access to a private repository is revoked, they may still view issue and pull request titles through previously received notifications.
CVSS Information
N/A
Vulnerability Type
信息暴露
Vulnerability Title
Gitea 安全漏洞
Vulnerability Description
Gitea是Gitea社区的一个基于Go开发的轻量型git服务。 Gitea存在安全漏洞,该漏洞源于通知API在返回通知详情时未重新验证仓库访问权限,可能导致用户对私有仓库的访问权限被撤销后,仍能通过先前收到的通知查看问题和拉取请求标题。
CVSS Information
N/A
Vulnerability Type
N/A