Summary
Gogs Missing Authorization in Attachment Download
References
Related vulnerabilities
- HIGH GHSA-HJWC-26PJ-V3PM
  AgenticMail: Cross-agent task authorization bypass in AgenticMail API
- HIGH GHSA-35C4-RVC8-FRHM
  Budibase: POST /api/attachments/:datasourceId/url is unauthenticated and lets anonymous callers mint S3 PUT pre-signed URLs using stored datasource IAM credentials
- MEDIUM GHSA-X93Q-X9PC-W5HW
  Paymenter has broken object level authorization via service reference manipulation on ticket creation
- MEDIUM GHSA-8J8M-P79X-G4JM
  AVideo's Privilege Escalation via Unguarded Permission Parameters in signUp API Allows Self-Granting Upload/Stream/Meet Permissions
- CRITICAL GHSA-H3M5-97JQ-QJRF
  OpenRemote Manager: removeAlarms cross-realm IDOR (bulk delete)
- HIGH GHSA-XHV3-Q4XX-349R
  stistigmem-node: quarantine review surface exposes and mutates other tenants' quarantined facts (cross-tenant BOLA)