FreeBSD: VID-eb437e17-66a1-11ef-ac08-75165d18d8d2: forgejo -- The scope of application tokens was not verified when writing containers or Conan packages.
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 7 | (AV:N/AC:L/Au:S/C:N/I:C/A:N) | Aug 30, 2024 | Aug 31, 2024 | Dec 10, 2025 |
Description
The forgejo team reports: The scope of application tokens was not verified when writing containers or Conan packages. This is of no consequence when the user associated with the application token does not have write access to packages. If the user has write access to packages, such a token can be used to write containers and Conan packages. An application token that was used to write containers or Conan packages without the package:write scope will now fail with an unauthorized error. It must be re-created to include the package:write scope.
Solution
freebsd-upgrade-package-forgejo