Gitea versions before 1.25.5 look up tracked-time entries by time ID without scoping the lookup to the issue in the request URL, allowing deletion attempts to target entries from another issue.
Get an AI-powered plain-language explanation of this vulnerability and remediation steps.
Login to generate AI explanation4 reference(s) from NVD