CVE-2019-1000002

Gitea version 1.6.2 and earlier contains a Incorrect Access Control vulnerability in Delete/Edit file functionallity that can result in the attacker deleting files outside the repository he/she has access to. This attack appears to be exploitable via the attacker must get write access to "any" repository including self-created ones.. This vulnerability appears to have been fixed in 1.6.3, 1.7.0-rc2.

packagechannelchannel versionpkg versionstatus
gitea
nixos-18.03
2019-02-20 10:25:14 UTC (cb0e20)1.5.2vulnerable
2019-01-16 18:00:31 UTC (138f2c)1.5.2vulnerable
2018-12-09 06:05:37 UTC (b551f8)1.5.2vulnerable
2018-11-29 21:00:31 UTC (a18112)1.5.2vulnerable
2018-11-28 06:10:25 UTC (9c96d1)1.5.2vulnerable
2018-11-23 12:45:42 UTC (e64482)1.5.2vulnerable
2018-11-20 12:35:27 UTC (947247)1.5.2vulnerable
2018-11-16 21:00:27 UTC (263f7b)1.5.2vulnerable
2018-11-14 10:35:19 UTC (1d8470)1.5.2vulnerable
2018-11-05 13:10:34 UTC (21b7f5)1.5.2vulnerable
2018-11-02 08:50:28 UTC (0e614d)1.5.2vulnerable
2018-10-30 16:25:07 UTC (19fc6d)1.5.2vulnerable
2018-10-30 14:40:31 UTC (6f07d2)1.5.2vulnerable
2018-10-28 11:35:42 UTC (b4e3a4)1.5.2vulnerable
2018-10-15 12:50:34 UTC (5d19e3)1.5.1vulnerable
2018-10-13 20:20:17 UTC (e85e0c)1.5.1vulnerable
2018-10-13 09:40:17 UTC (d592f2)1.5.1vulnerable
2018-10-11 15:15:08 UTC (5a38f7)1.5.1vulnerable
2018-10-09 11:20:30 UTC (c56ede)1.5.1vulnerable
2018-10-05 13:25:12 UTC (862fb5)1.5.1vulnerable
2018-10-05 13:00:32 UTC (c4eddc)1.5.1vulnerable
2018-09-21 06:10:31 UTC (d16a7a)1.5.1vulnerable
2018-09-19 17:10:27 UTC (8edf56)1.5.1vulnerable
2018-09-18 17:55:38 UTC (305f13)1.5.1vulnerable
2018-09-16 07:30:36 UTC (01f5e7)1.5.1vulnerable
2018-09-13 15:30:12 UTC (5f59ab)1.5.1vulnerable
2018-09-08 09:20:09 UTC (45f52f)1.5.1vulnerable
2018-09-02 21:10:32 UTC (8b92a4)1.5.0vulnerable
2018-09-02 14:20:10 UTC (8c172c)1.5.0vulnerable
2018-09-01 13:55:20 UTC (a960b8)1.5.0vulnerable
2018-08-31 04:20:38 UTC (a37638)1.5.0vulnerable
2018-08-29 17:10:10 UTC (edd63e)1.5.0vulnerable
2018-08-24 19:10:30 UTC (fde201)1.5.0vulnerable
2018-08-23 23:50:20 UTC (f094fd)1.5.0vulnerable
2018-08-19 18:15:22 UTC (4df342)1.5.0vulnerable
2018-08-18 23:45:22 UTC (47b68d)1.5.0vulnerable
2018-08-17 21:25:22 UTC (a4e068)1.5.0vulnerable
2018-08-17 14:30:05 UTC (cd0cd9)1.5.0vulnerable
2018-08-16 13:20:15 UTC (c1ef96)1.5.0vulnerable
2018-08-16 08:30:34 UTC (8b4ed6)1.5.0vulnerable
2018-08-15 15:40:37 UTC (5b8a24)1.5.0vulnerable
2018-08-15 05:50:22 UTC (66bd47)1.5.0vulnerable
2018-08-14 17:35:19 UTC (9cbc73)1.5.0vulnerable
2018-08-13 09:25:26 UTC (10b979)1.5.0vulnerable
2018-08-13 03:20:34 UTC (89ff9f)1.5.0vulnerable
nixos-18.09
2019-01-03 19:25:43 UTC (9d608a)1.6.2vulnerable
2018-12-31 13:00:37 UTC (039634)1.6.2vulnerable
2018-12-30 14:00:25 UTC (0a8f35)1.6.2vulnerable
2018-12-28 07:35:42 UTC (76aafb)1.6.2vulnerable
2018-12-27 12:40:37 UTC (33000f)1.6.2vulnerable
2018-12-26 14:30:28 UTC (c84063)1.6.2vulnerable
2018-12-25 16:20:30 UTC (928ff6)1.6.2vulnerable
2018-12-23 01:10:36 UTC (b9fa31)1.6.2vulnerable
2018-12-22 15:40:22 UTC (11c992)1.6.2vulnerable
2018-11-08 03:40:17 UTC (a4c4cb)1.5.2vulnerable
2018-11-06 06:40:34 UTC (6d6e4e)1.5.2vulnerable
2018-11-06 02:35:23 UTC (450792)1.5.2vulnerable
2018-11-05 08:35:13 UTC (bf7930)1.5.2vulnerable
2018-11-04 07:05:13 UTC (9ea650)1.5.2vulnerable
2018-11-04 02:50:34 UTC (98c115)1.5.2vulnerable
2018-10-30 02:10:12 UTC (06fb02)1.5.2vulnerable
2018-10-18 19:40:14 UTC (091950)1.5.2vulnerable
2018-10-18 10:30:20 UTC (81f5c2)1.5.2vulnerable
2018-10-15 13:45:23 UTC (c06f53)1.5.1vulnerable
2018-10-15 06:05:18 UTC (08005e)1.5.1vulnerable
2018-10-14 13:15:18 UTC (d96c7a)1.5.1vulnerable
2018-10-11 07:15:22 UTC (4dd9cd)1.5.1vulnerable
2018-10-10 16:15:30 UTC (8cfce9)1.5.1vulnerable
2018-10-10 03:00:34 UTC (59fe4c)1.5.1vulnerable
2018-10-09 20:05:32 UTC (de37b4)1.5.1vulnerable
2018-10-09 08:40:17 UTC (1ada6f)1.5.1vulnerable
2018-10-08 20:00:22 UTC (21293d)1.5.1vulnerable
2018-10-08 13:30:11 UTC (617607)1.5.1vulnerable
2018-10-06 23:30:25 UTC (299814)1.5.1vulnerable
2018-10-06 14:10:32 UTC (6a3f5b)1.5.1vulnerable
2018-10-04 13:05:14 UTC (6cbd1e)1.5.1vulnerable
2018-10-03 08:15:23 UTC (7f70eb)1.5.1vulnerable
2018-10-02 19:55:28 UTC (3e44d2)1.5.1vulnerable
2018-10-02 09:45:23 UTC (66fd61)1.5.1vulnerable
2018-10-02 01:05:40 UTC (10eec0)1.5.1vulnerable
2018-10-01 11:30:25 UTC (b550b7)1.5.1vulnerable
2018-10-01 08:35:23 UTC (0f1911)1.5.1vulnerable
2018-10-01 03:05:17 UTC (26537f)1.5.1vulnerable
2018-09-29 14:15:10 UTC (c922e2)1.5.1vulnerable
2018-09-28 06:20:12 UTC (376891)1.5.1vulnerable
2018-09-27 11:35:18 UTC (3c85e5)1.5.1vulnerable
2018-09-27 08:15:14 UTC (d26e83)1.5.1vulnerable
2018-09-26 15:15:11 UTC (29660a)1.5.1vulnerable
2018-09-26 03:35:36 UTC (391bf8)1.5.1vulnerable
2018-09-25 20:25:23 UTC (358326)1.5.1vulnerable
2018-09-25 15:25:44 UTC (69514d)1.5.1vulnerable
2018-09-24 12:35:11 UTC (e49665)1.5.1vulnerable
2018-09-21 09:35:13 UTC (ef450e)1.5.1vulnerable
2018-09-21 05:20:41 UTC (40d22a)1.5.1vulnerable
2018-09-15 00:45:23 UTC (9fa6a2)1.5.1vulnerable
2018-09-14 18:55:29 UTC (221ec6)1.5.1vulnerable
2018-09-12 22:40:23 UTC (32c008)1.5.1vulnerable
2018-09-12 08:15:39 UTC (8468a4)1.5.1vulnerable
2018-09-06 08:40:22 UTC (6f3bd5)1.5.1vulnerable
2018-09-06 03:15:12 UTC (a01552)1.5.1vulnerable
2018-09-05 18:45:13 UTC (dea9a0)1.5.1vulnerable
2018-09-03 23:20:16 UTC (c0bde6)1.5.0vulnerable
nixos-unstable
2019-01-04 22:55:33 UTC (eebd1a)1.6.2vulnerable
2018-12-30 14:15:36 UTC (201d73)1.6.2vulnerable
2018-12-27 16:45:30 UTC (ae002f)1.6.2vulnerable
2018-12-14 18:35:35 UTC (44b02b)1.6.0vulnerable
2018-12-14 07:45:26 UTC (e0a4d1)1.6.0vulnerable
2018-12-13 17:40:40 UTC (562b7a)1.6.0vulnerable
2018-12-13 10:00:19 UTC (47f008)1.6.0vulnerable
2018-12-13 06:35:46 UTC (c556e6)1.6.0vulnerable
2018-12-12 05:20:26 UTC (ad3e91)1.6.0vulnerable
2018-12-11 15:30:23 UTC (644950)1.6.0vulnerable
2018-12-11 11:30:31 UTC (86344b)1.6.0vulnerable
2018-12-08 11:40:58 UTC (e85c1f)1.6.0vulnerable
2018-12-08 01:10:44 UTC (ca3f08)1.6.0vulnerable
2018-12-07 20:20:37 UTC (57c69f)1.6.0vulnerable
2018-12-07 00:45:17 UTC (c26dbe)1.6.0vulnerable
2018-11-08 10:00:24 UTC (614193)1.5.2vulnerable
2018-11-04 23:10:32 UTC (179b81)1.5.2vulnerable
2018-10-31 09:20:24 UTC (c70ad8)1.5.2vulnerable
2018-10-16 16:35:39 UTC (45a419)1.5.2vulnerable
2018-10-14 10:25:34 UTC (32bcd7)1.5.1vulnerable
2018-10-05 04:00:11 UTC (0a7e25)1.5.1vulnerable
2018-10-04 07:55:22 UTC (f2b3bb)1.5.1vulnerable
2018-10-03 17:00:26 UTC (13b290)1.5.1vulnerable
2018-09-28 02:05:44 UTC (46651b)1.5.1vulnerable
2018-09-27 09:35:18 UTC (a70d3b)1.5.1vulnerable
2018-09-22 02:40:19 UTC (7df10f)1.5.1vulnerable
2018-09-21 13:25:18 UTC (06df7c)1.5.1vulnerable
2018-09-20 00:25:11 UTC (5664e6)1.5.1vulnerable
2018-09-15 16:35:21 UTC (218ce4)1.5.1vulnerable
2018-09-15 00:25:23 UTC (3c5788)1.5.1vulnerable
2018-09-13 09:20:13 UTC (56b9f6)1.5.1vulnerable
2018-09-06 12:05:23 UTC (ca2ba4)1.5.1vulnerable
2018-08-31 20:00:16 UTC (083220)1.5.0vulnerable
2018-08-24 12:50:09 UTC (7db611)1.5.0vulnerable
2018-08-17 11:25:34 UTC (8395f9)1.5.0vulnerable
2018-08-13 14:40:22 UTC (6afd19)1.5.0vulnerable
2018-07-11 16:40:22 UTC (dae9cf)1.4.2vulnerable
2018-07-08 19:55:08 UTC (2a8a55)1.4.2vulnerable
2018-07-08 16:40:22 UTC (784f54)1.4.2vulnerable
2018-07-06 19:55:40 UTC (fda46a)1.4.2vulnerable
2018-07-02 04:50:18 UTC (be1461)1.4.2vulnerable
2018-07-01 00:20:18 UTC (687f5d)1.4.2vulnerable
2018-06-30 12:30:34 UTC (85497a)1.4.2vulnerable
2018-06-29 19:45:17 UTC (e686bd)1.4.2vulnerable
2018-06-22 13:15:24 UTC (a8c710)1.4.2vulnerable
2018-06-14 21:57:20 UTC (4b649a)1.4.1vulnerable