Maitaii

**Name of the Vulnerable Software and Affected Versions** OpenVSX versions v0.9.0 through v0.20.0 **Description** The issue allows a user to edit all namespace details, including name, description, website, support link, and social media links, even if the user is not a namespace Owner or Contributor. This is possible through the `/user/namespace/{namespace}/details` API endpoint and also affects the `/user/namespace/{namespace}/details/logo` endpoint, allowing a user to change the logo. **Recommendations** For OpenVSX versions v0.9.0 through v0.20.0, consider restricting access to the `/user/namespace/{namespace}/details` and `/user/namespace/{namespace}/details/logo` API endpoints to only allow authorized users, such as namespace Owners or Contributors, to edit namespace details and change logos. At the moment, there is no information about a newer version that contains a fix for this vulnerability.