Forgejo Security Vulnerabilities
In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions.
CVSS Score: 9.1, EPSS Score: 0.001, Published: 2023-12-03
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication.
CVSS Score: 7.5, EPSS Score: 0.001, Published: 2023-12-03
Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss (or another extension) to a URL.
CVSS Score: 5.3, EPSS Score: 0.005, Published: 2023-12-03

