Vulnerabilities > Forgejo

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | PRODUCT | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-12-03 | CVE-2023-49946 | Incorrect Permission Assignment for Critical Resource vulnerability in Forgejo | In Forgejo before 1.20.5-1, certain endpoints do not check whether an object belongs to a repository for which permissions are being checked. | network | low | forgejo | CWE-732 | critical 9.1 |
| 2023-12-03 | CVE-2023-49947 | Incorrect Authorization vulnerability in Forgejo | Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication. | network | low | forgejo | CWE-863 | 7.5 |
| 2023-12-03 | CVE-2023-49948 | Unspecified vulnerability in Forgejo | Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss (or another extension) to a URL. | network | low | forgejo | | 5.3 |