You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
It seems that /api/packages/{ownername}/nuget will always return http.StatusOK no matter whether doer has permission.
Is it by design?
If it is by design, I think it will be a security problem which is same as #23150.
If I give an unexisted username, it will return Internal Server Error
If I give an existed Private username, it will return xml
Gitea Version
latest
Can you reproduce the bug on the Gitea demo site?
Yes
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
No response
How are you running Gitea?
build
Database
None
The text was updated successfully, but these errors were encountered:
Description
Related to #22705 CI result: https://drone.gitea.io/go-gitea/gitea/68876
It seems that
/api/packages/{ownername}/nuget
will always returnhttp.StatusOK
no matter whether doer has permission.Is it by design?
If it is by design, I think it will be a security problem which is same as #23150.
If I give an unexisted username, it will return Internal Server Error
If I give an existed Private username, it will return xml
Gitea Version
latest
Can you reproduce the bug on the Gitea demo site?
Yes
Log Gist
No response
Screenshots
No response
Git Version
No response
Operating System
No response
How are you running Gitea?
build
Database
None
The text was updated successfully, but these errors were encountered: