FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gitea -- missing permission checks

Affected packages
gitea < 1.21.2


VuXML ID 482bb980-99a3-11ee-b5f7-6bd56600d90c
Discovery 2023-08-30
Entry 2023-09-10

The Gitea team reports:

Fix missing check

Do some missing checks

By crafting an API request, attackers can access the contents of issues even though the logged-in user does not have access rights to these issues.