CVE-2020-13246

HIGH

Gitea < 1.11.5 and 1.12.0 - Deadlock via Repository Ownership Transfer

Title source: llm
STIX 2.1

Description

An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another.

References (3)

Core 3
Core References
Exploit, Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/go-gitea/gitea/issues/10549
Patch, Third Party Advisory x_refsource_misc
https://github.com/go-gitea/gitea/pull/11438
Exploit, Third Party Advisory x_refsource_misc
https://www.youtube.com/watch?v=DmVgADSVS88

Scores

CVSS v3 7.5
EPSS 0.0199
EPSS Percentile 78.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-667
Status published
Products (2)
gitea/gitea < 1.11.5
go-gitea/gitea 0 - 1.12.0Go
Published May 20, 2020
Tracked Since Feb 18, 2026