Skip to content

Do not allow Ghost access to limited visible user/org (#21849) #21876

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Nov 20, 2022
Merged

Do not allow Ghost access to limited visible user/org (#21849) #21876

merged 1 commit into from
Nov 20, 2022

Conversation

KN4CK3R
Copy link
Member

@KN4CK3R KN4CK3R commented Nov 20, 2022

Backport of #21849

@KN4CK3R @lafriks
Do not allow Ghost access to limited visible user/org (go-gitea#21849)
af494e4 
The Ghost user should not be allowed to have access to a limited visible
user/org.

Co-authored-by: Lauris BH <lauris@nix.lv>
@KN4CK3R KN4CK3R added the topic/security Something leaks user information or is otherwise vulnerable. Should be fixed! label Nov 20, 2022
@KN4CK3R KN4CK3R added this to the 1.18.0 milestone Nov 20, 2022
@GiteaBot GiteaBot added the lgtm/need 1 This PR needs approval from one additional maintainer to be merged. label Nov 20, 2022
@GiteaBot GiteaBot added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Nov 20, 2022
@zeripath zeripath merged commit b236983 into go-gitea:release/v1.18 Nov 20, 2022
@KN4CK3R KN4CK3R deleted the backport-88d5275-18 branch November 21, 2022 09:46
@lunny lunny added the skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. label Nov 23, 2022
@notDavid
Copy link

@KN4CK3R @zeripath Hey, not sure if this is relevant... but fyi: #21615 (comment)

@go-gitea go-gitea locked and limited conversation to collaborators May 3, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@lunny lunny lunny approved these changes

@lafriks lafriks lafriks approved these changes

+1 more reviewer

@zeripath zeripath zeripath approved these changes

Reviewers whose approvals may not affect merge requirements
Assignees
No one assigned
Labels
lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. skip-changelog This PR is irrelevant for the (next) changelog, for example bug fixes for unreleased features. topic/security Something leaks user information or is otherwise vulnerable. Should be fixed!
Projects
None yet
Milestone
1.18.0
Development

Successfully merging this pull request may close these issues.
6 participants
@KN4CK3R @notDavid @lunny @lafriks @zeripath @GiteaBot