PT-2019-11256 · Gitea · Gitea

Zeripath · Published 2019-02-04 · Updated 2022-05-13 · CVE-2019-1000002

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: Gitea versions 1.6.2 and earlier
Description: The issue is related to Incorrect Access Control in the Delete/Edit file functionality, allowing an attacker to delete files outside the repository they have access to. This can be exploited by gaining write access to any repository, including self-created ones.
Recommendations: For Gitea versions 1.6.2 and earlier, update to version 1.6.3 or 1.7.0-rc2 to resolve the issue. As a temporary workaround, consider restricting write access to repositories to minimize the risk of exploitation.

Fix

Improper Access Control

Weakness Enumeration

Related Identifiers

CVE-2019-1000002
GHSA-J99Q-RWP6-498G

Affected Products

Gitea