Moderate severityOSV Advisory· Published Feb 4, 2019· Updated Aug 5, 2024
CVE-2019-1000002
CVE-2019-1000002
Description
Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to "any" repository including self-created ones.. This vulnerability appears to have been fixed in 1.6.3, 1.7.0-rc2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
code.gitea.io/giteaGo | < 1.6.3 | 1.6.3 |
Affected products
2Patches
Vulnerability mechanics
References
3- github.com/advisories/GHSA-j99q-rwp6-498gghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2019-1000002ghsaADVISORY
- github.com/go-gitea/gitea/pull/5631ghsax_refsource_MISCWEB
News mentions
0No linked articles in our index yet.