Dont leak private users via extensions (#28023) #28028

GiteaBot · 2023-11-13T22:30:36Z

there was no check in place if a user could see a other user, if you append e.g. .rss

Dont leak private users via extensions (go-gitea#28023)

b446378

GiteaBot added topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! type/bug labels Nov 13, 2023

GiteaBot assigned 6543 Nov 13, 2023

GiteaBot added this to the 1.20.6 milestone Nov 13, 2023

GiteaBot added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Nov 13, 2023

GiteaBot requested review from delvh and denyskon November 13, 2023 22:30

pull-request-size bot added the size/XS Denotes a PR that changes 0-9 lines, ignoring generated files. label Nov 13, 2023

jolheiser approved these changes Nov 13, 2023

View reviewed changes

GiteaBot added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Nov 13, 2023

delvh approved these changes Nov 13, 2023

View reviewed changes

GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Nov 13, 2023

6543 approved these changes Nov 13, 2023

View reviewed changes

6543 merged commit 69ea554 into go-gitea:release/v1.20 Nov 13, 2023

go-gitea locked as resolved and limited conversation to collaborators Feb 12, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Dont leak private users via extensions (#28023) #28028

Dont leak private users via extensions (#28023) #28028

GiteaBot commented Nov 13, 2023

Dont leak private users via extensions (#28023) #28028

Dont leak private users via extensions (#28023) #28028

Conversation

GiteaBot commented Nov 13, 2023