The settings of repositories is vulnerable to CSRF