
You can view private repositories' names from other users #23150

Closed
@Agusten7

Description


Technically you can't see the repositories of other users but you can see the name of that repository and know that it exists.

You have to use another account and the tool 'git clone' with the URL of the repository. You can see that the private repository exists because of the response.

Maybe this could lead to something else. In a CTF, I had to know the name of the other user's repository to make my user part of that repo by injecting an XSS, and then I could grab his SSH key to log into the machine.

The machine was Extension from HackTheBox.

Gitea Version

1.20.0

Can you reproduce the bug on the Gitea demo site?

Yes

Log Gist

No response

Screenshots

[screenshot: paso_1]
[screenshot: paso_2]

Git Version

2.39.2

Operating System

No response

How are you running Gitea?

I ran it from https://try.gitea.io/

Database

None

Metadata



Labels

topic/security (Something leaks user information or is otherwise vulnerable. Should be fixed!)
type/bug
