Hi, I found a issue just like gogs/gogs#5469.
With gitea's default installation, I can authenticate as arbitrary account. But due to some server configuration, I can't reproduce in https://try.gitea.io .
As this is a very severe issue, I won't post details here. Can you give me your email address and I send the details to you?
The text was updated successfully, but these errors were encountered:
If there's an app.ini / external way to mitigate this issue before an official patch is out, it might be worth sharing early so we can harden our installation(s). I don't want to interfere with any project security policy, but eventually the patch/commit will be public anyway.
Gitea version (or commit ref): current (9458880)
Can you reproduce the bug at https://try.gitea.io:
Description
Hi, I found a issue just like gogs/gogs#5469.
With gitea's default installation, I can authenticate as arbitrary account. But due to some server configuration, I can't reproduce in https://try.gitea.io .
As this is a very severe issue, I won't post details here. Can you give me your email address and I send the details to you?
The text was updated successfully, but these errors were encountered: