Description
Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write.
Problem types
Product status
Any version
Credits
ddd
References
github.com/.../gitea/security/advisories/GHSA-mm7c-rhg6-qr4r
github.com/.../gitea/security/advisories/GHSA-mm7c-rhg6-qr4r (GitHub Security Advisory)
github.com/go-gitea/gitea/pull/37479 (GitHub Pull Request #37479)
github.com/go-gitea/gitea/pull/37484 (GitHub Pull Request #37484)
github.com/go-gitea/gitea/releases/tag/v1.26.2 (Gitea v1.26.2 Release)
blog.gitea.com/release-of-1.26.2/ (Gitea v1.26.2 Release Blog Post)