Skip to main content

Improper Locking

CVE-2020-13246

Severity High
Score 7.5/10

Summary

An issue was discovered in Gitea through 1.11.5. An attacker can trigger a deadlock by initiating a transfer of a repository's ownership from one organization to another.

  • LOW
  • NETWORK
  • NONE
  • UNCHANGED
  • NONE
  • NONE
  • NONE
  • HIGH

CWE-667 - Improper Locking

The software does not properly acquire or release a lock on a resource, leading to unexpected resource state changes and behaviors.

Advisory Timeline

  • Published