Unknwon

**Name of the Vulnerable Software and Affected Versions** Forgejo versions prior to 1.20.5-1 **Description** The issue allows remote attackers to perform unauthorized actions due to certain endpoints not checking whether an object belongs to a repository for which permissions are being checked. This enables attackers to read private issues, read private pull requests, delete issues, and perform other unauthorized actions. **Recommendations** For versions prior to 1.20.5-1, update to version 1.20.5-1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive endpoints until the update is applied.