Kallithea before 0.3.2 allows remote authenticated users to edit or delete open pull requests or delete comments by leveraging read access.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|
| Kallithea | Kallithea | 0.3.1 (including) | 0.3.1 (including) |
References