You can view Private Repositories's name from other users #23150
Labels
topic/security
Something leaks user information or is otherwise vulnerable. Should be fixed!
type/bug
Milestone
Comments
lunny
added
the
topic/security
lunny
added a commit
that referenced
this issue
Feb 26, 2023
Fixes #23150 Before:  After:  Co-authored-by: Lunny Xiao <[email protected]>
yardenshoham
pushed a commit
to yardenshoham/gitea
that referenced
this issue
Feb 26, 2023
…3155) Fixes go-gitea#23150 Before:  After:  Co-authored-by: Lunny Xiao <[email protected]>
lunny
added a commit
that referenced
this issue
Feb 26, 2023
…23158) Backport #23155 Fixes #23150 Before:  After:  Co-authored-by: yp05327 <[email protected]> Co-authored-by: Lunny Xiao <[email protected]>
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
Description
Technically you can't see the repositories of other users but you can see the name of that repository and know that it exists.
You have to use another account and the tool 'git clone' with the URL of the repository. You can see that the private repository exists because of the response.
Maybe this could lead to something else, in a CTF, I had to know the repository's name of the other user to make my user part of that repo by injecting a XSS and then, I could grab his SSH key to log into the machine.
The machine was Extension from HackTheBox.
Gitea Version
1.20.0
Can you reproduce the bug on the Gitea demo site?
Yes
Log Gist
No response
Screenshots
Git Version
2.39.2
Operating System
No response
How are you running Gitea?
I runned it from https://try.gitea.io/
Database
None
The text was updated successfully, but these errors were encountered: