Forgejo before 1.20.5-1 allows remote attackers to test for the existence of private user accounts by appending .rss (or another extension) to a URL.
Affected Software
Name |
Vendor |
Start Version |
End Version |
Forgejo |
Forgejo |
* |
1.20.5-1 (excluding) |
References