Forgejo
CVE-2023-49946
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Lifecycle Timeline
1DescriptionNVD
In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions.
AnalysisAI
In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
Technical ContextAI
This vulnerability is classified as Incorrect Permission Assignment (CWE-732), which allows attackers to access resources due to misconfigured permissions. In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. This allows remote attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions. Affected products include: Forgejo. Version information: before 1.20.5.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Review and restrict file/resource permissions, apply principle of least privilege.
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication. Rated high severity (CVSS 7.5), t
Stored XSS in Forgejo before 15.0.3 allows authenticated users to execute arbitrary JavaScript in other users' browsers
Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss (or
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today