漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Gitea: Cross-Repository Authorization Bypass via Release Attachment Linking Leads to Private Attachment Disclosure
Vulnerability Description
Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different public repository, making it accessible to unauthorized users.
CVSS Information
N/A
Vulnerability Type
访问控制不恰当
Vulnerability Title
Gitea 安全漏洞
Vulnerability Description
Gitea是Gitea社区的一个基于Go开发的轻量型git服务。 Gitea存在安全漏洞,该漏洞源于将附件链接到发布版本时未正确验证仓库所有权,可能导致上传到私有仓库的附件被链接到不同公共仓库的发布版本,从而被未授权用户访问。
CVSS Information
N/A
Vulnerability Type
N/A