Lucene search
K

1023 matches found

AlpineLinux
AlpineLinux
added 2022/03/11 10:40 a.m.29 views

CVE-2022-0870

Server-Side Request Forgery SSRF in GitHub repository gogs/gogs prior to 0.12.5...

5.3CVSS5.2AI score0.03422EPSS
Exploits1
Positive Technologies
Positive Technologies
added 2022/03/11 12:0 a.m.2 views

PT-2022-13488 · Gogs · Gogs

Name of the Vulnerable Software and Affected Versions: gogs versions prior to 0.12.5 Description: The issue is related to Server-Side Request Forgery SSRF in the repository migration functionality of gogs. This allows a malicious user to discover services in the internal network. All installation...

5.3CVSS5.4AI score0.03422EPSS
Exploits1References12
CNNVD
CNNVD
added 2022/03/11 12:0 a.m.3 views

Gogs 安全漏洞

Gogs Go Git Service is a self-service Git hosting service based on the Go language by the GOGS team, which supports creating and migrating public/private repositories, adding and deleting repository collaborators, and so on. A security vulnerability exists in Gogs versions prior to 0.12.5, which...

9.1CVSS7.7AI score0.01221EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2022/03/11 12:0 a.m.3 views

PT-2022-13489 · Gogs · Gogs

Name of the Vulnerable Software and Affected Versions: gogs versions prior to 0.12.5 Description: The issue concerns improper authorization handling in installations that use PAM as authentication sources. Expired PAM accounts and accounts with expired passwords are continued to be seen as valid...

9.1CVSS8.5AI score0.01221EPSS
Exploits1References13
Cvelist
Cvelist
added 2022/03/11 12:0 a.m.33 views

CVE-2022-0871 Missing Authorization in gogs/gogs

Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5...

8.2CVSS9.5AI score0.01221EPSS
Exploits1References2
OSV
OSV
added 2022/03/11 12:0 a.m.11 views

CVE-2022-0871 Missing Authorization in gogs/gogs

Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5...

8.2CVSS8.3AI score0.01221EPSS
Exploits1References4
CVE
CVE
added 2022/03/11 12:0 a.m.109 views

CVE-2022-0871

CVE-2022-0871 affects Gogs (gogs/gogs) prior to 0.12.5 and is described as Missing Authorization. Connected advisories/documents consistently describe improper PAM authorization handling as the root cause and indicate that updated builds fix the issue, recommending upgrading to 0.12.5 or (for new...

9.1CVSS8.8AI score0.01221EPSS
Exploits1References2Affected Software1
AlpineLinux
AlpineLinux
added 2022/03/11 12:0 a.m.64 views

CVE-2022-0871

Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5...

9.1CVSS8.8AI score0.01221EPSS
Exploits1
Huntr
Huntr
added 2022/03/06 10:34 a.m.25 views

Improper Authorization

Description When Gogs is build and configured for PAM authentification it skips checking authorization completely. Therefore expired accounts and accounts with expired passwords can still login. Proof of Concept You can expire an account with chage -E0 and still login. Impact Since disabling an...

5.8CVSS2.3AI score0.01221EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2021/09/12 5:57 p.m.11 views

Exploit for Session Fixation in Gogs

CVE-2018-18925 Exploitation of CVE-2018-18925 a Remote Code Ex...

9.8CVSS7.9AI score0.31882EPSS
Exploits2
Huntr
Huntr
added 2021/07/17 10:23 a.m.24 views

Server-Side Request Forgery (SSRF) in gogs/gogs

✍️ Description In 2018, this issue was created to address a SSRF vulnerability in gogs wherein an attacker could have gogs send requests to network-internal hosts - a patch for this was released see diff and no queries about the SSRF issue seem to have been raised again since from what I can tell...

5CVSS0.03422EPSS
Exploits1
Github Security Blog
Github Security Blog
added 2021/06/29 6:32 p.m.61 views

Cross-site Scripting in Gogs

Cross-site scripting XSS vulnerability in models/issue.go in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown...

4.3CVSS5.5AI score0.01909EPSS
Exploits3References10Affected Software1
OSV
OSV
added 2021/06/29 6:32 p.m.21 views

GHSA-9HX4-QM7H-X84J Cross-site Scripting in Gogs

Cross-site scripting XSS vulnerability in models/issue.go in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown...

4.3CVSS5.3AI score0.01909EPSS
Exploits3References9
Github Security Blog
Github Security Blog
added 2021/06/29 6:32 p.m.69 views

SQL Injection in Gogs

Multiple SQL injection vulnerabilities in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to 1 api/v1/repos/search, which is not properly handled in models/repo.go, or 2 api/v1/users/search, which is...

7.5CVSS8.3AI score0.33391EPSS
Exploits5References14Affected Software1
OSV
OSV
added 2021/06/29 6:32 p.m.223 views

GHSA-G6XV-8Q23-W2Q3 SQL Injection in Gogs

Multiple SQL injection vulnerabilities in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to 1 api/v1/repos/search, which is not properly handled in models/repo.go, or 2 api/v1/users/search, which is...

7.3CVSS8.1AI score0.33391EPSS
Exploits5References13
Github Security Blog
Github Security Blog
added 2021/06/29 6:32 p.m.58 views

SQL Injection in gogs.io/gogs

SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs aka Go Git Service 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues...

7.5CVSS8.3AI score0.04437EPSS
Exploits5References13Affected Software2
OSV
OSV
added 2021/06/29 6:32 p.m.192 views

GHSA-MR6H-CHQP-P9G2 SQL Injection in gogs.io/gogs

SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs aka Go Git Service 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues...

6.5CVSS8AI score0.04437EPSS
Exploits5References13
Github Security Blog
Github Security Blog
added 2021/06/29 6:32 p.m.73 views

Open Redirect

Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirectto parameter, related to the function isValidRedirect in routes/user/auth.go...

6.1CVSS5.6AI score0.01316EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2021/06/29 6:32 p.m.14 views

GHSA-CPGW-2WXR-PWW3 Open Redirect

Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirectto parameter, related to the function isValidRedirect in routes/user/auth.go...

6.1CVSS6.2AI score0.01316EPSS
Exploits1References4
GitLab Advisory Database
GitLab Advisory Database
added 2021/06/29 12:0 a.m.56 views

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Multiple SQL injection vulnerabilities in Gogs aka Go Git Service 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to 1 api/v1/repos/search, which is not properly handled in models/repo.go, or 2 api/v1/users/search, which is...

7.5CVSS8.3AI score0.33391EPSS
Exploits5References4Affected Software1
Rows per page
Query Builder