1023 matches found
CVE-2022-0870
Server-Side Request Forgery SSRF in GitHub repository gogs/gogs prior to 0.12.5...
PT-2022-13488 · Gogs · Gogs
Name of the Vulnerable Software and Affected Versions: gogs versions prior to 0.12.5 Description: The issue is related to Server-Side Request Forgery SSRF in the repository migration functionality of gogs. This allows a malicious user to discover services in the internal network. All installation...
Gogs 安全漏洞
Gogs Go Git Service is a self-service Git hosting service based on the Go language by the GOGS team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs versions prior to 0.12.5, which...
PT-2022-13489 · Gogs · Gogs
Name of the Vulnerable Software and Affected Versions: gogs versions prior to 0.12.5 Description: The issue concerns improper authorization handling in installations that use PAM as authentication sources. Expired PAM accounts and accounts with expired passwords are continued to be seen as valid...
CVE-2022-0871 Missing Authorization in gogs/gogs
Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5...
CVE-2022-0871 Missing Authorization in gogs/gogs
Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5...
CVE-2022-0871
CVE-2022-0871 affects Gogs (gogs/gogs) prior to 0.12.5 and is described as Missing Authorization. Connected advisories/documents consistently describe improper PAM authorization handling as the root cause and indicate that updated builds fix the issue, recommending upgrading to 0.12.5 or (for new...
CVE-2022-0871
Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5...
Improper Authorization
Description When Gogs is build and configured for PAM authentification it skips checking authorization completely. Therefore expired accounts and accounts with expired passwords can still login. Proof of Concept You can expire an account with chage -E0 and still login. Impact Since disabling an...
Exploit for Session Fixation in Gogs
CVE-2018-18925 Exploitation of CVE-2018-18925 a Remote Code Ex...
Server-Side Request Forgery (SSRF) in gogs/gogs
✍️ Description In 2018, this issue was created to address a SSRF vulnerability in gogs wherein an attacker could have gogs send requests to network-internal hosts - a patch for this was released see diff and no queries about the SSRF issue seem to have been raised again since from what I can tell...
Cross-site Scripting in Gogs
Cross-site scripting XSS vulnerability in models/issue.go in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown...
GHSA-9HX4-QM7H-X84J Cross-site Scripting in Gogs
Cross-site scripting XSS vulnerability in models/issue.go in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown...
SQL Injection in Gogs
Multiple SQL injection vulnerabilities in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to 1 api/v1/repos/search, which is not properly handled in models/repo.go, or 2 api/v1/users/search, which is...
GHSA-G6XV-8Q23-W2Q3 SQL Injection in Gogs
Multiple SQL injection vulnerabilities in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to 1 api/v1/repos/search, which is not properly handled in models/repo.go, or 2 api/v1/users/search, which is...
SQL Injection in gogs.io/gogs
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs aka Go Git Service 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues...
GHSA-MR6H-CHQP-P9G2 SQL Injection in gogs.io/gogs
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs aka Go Git Service 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues...
Open Redirect
Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirectto parameter, related to the function isValidRedirect in routes/user/auth.go...
GHSA-CPGW-2WXR-PWW3 Open Redirect
Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirectto parameter, related to the function isValidRedirect in routes/user/auth.go...
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Multiple SQL injection vulnerabilities in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to 1 api/v1/repos/search, which is not properly handled in models/repo.go, or 2 api/v1/users/search, which is...