CVE-2023-49946

CVSS 3.1 Score 9.1 of 10 (high)

Details

Published Dec 3, 2023

Updated: Dec 7, 2023

CWE ID 732

Summary

CVE-2023-49946 is a vulnerability affecting Forgejo before version 1.20.5-1. This issue permits remote attackers to bypass permission checks on certain endpoints. As a result, they can access private issues, read pull requests, delete issues, and execute other unauthorized actions. The lack of object validation within these endpoints creates a significant security risk. Organizations using Forgejo are advised to upgrade to the latest version to mitigate this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/tq7TTh
https://www.cve.org/CVERecord?id=CVE-2023-49946
https://nvd.nist.gov/vuln/detail/CVE-2023-49946

Back to Vulnerability Database

CVE-2023-49946

CVSS 3.1 Score 9.1 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations