FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

gitea -- information disclosure

Affected packages
gitea < 1.9.5

Details

VuXML ID fd10aa77-fb5e-11e9-af7b-0800274e5f20
Discovery 2019-09-27
Entry 2019-10-30

The Gitea Team reports:

When a comment in an issue or PR mentions a user using @username, the mentioned user receives a mail notification even if they don't have permission to see the originating repository.

References

URL https://blog.gitea.io/2019/10/gitea-1.9.5-is-released/
URL https://github.com/go-gitea/gitea/releases/tag/v1.9.5