Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
20 vulnerabilities found for gogs/gogs by gogs
CVE-2022-1884 (GCVE-0-2022-1884)
Vulnerability from cvelistv5 – Published: 2024-11-15 10:53 – Updated: 2024-11-15 19:15
VLAI
Title
Remote Command Execution in gogs/gogs
Summary
A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file. If the `core.sshCommand` is set, this can lead to remote command execution.
Severity
10 (Critical)
10 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"lessThanOrEqual": "0.12.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-1884",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T19:13:14.910217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T19:15:02.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote command execution vulnerability exists in gogs/gogs versions \u003c=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file. If the `core.sshCommand` is set, this can lead to remote command execution."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T10:53:00.844Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/9cd4e7b7-0979-4e5e-9a1c-388b58dea76b"
}
],
"source": {
"advisory": "9cd4e7b7-0979-4e5e-9a1c-388b58dea76b",
"discovery": "EXTERNAL"
},
"title": "Remote Command Execution in gogs/gogs"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2022-1884",
"datePublished": "2024-11-15T10:53:00.844Z",
"dateReserved": "2022-05-25T12:20:16.450Z",
"dateUpdated": "2024-11-15T19:15:02.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2024 (GCVE-0-2022-2024)
Vulnerability from cvelistv5 – Published: 2023-02-25 00:00 – Updated: 2025-03-11 15:39
VLAI
Title
OS Command Injection in gogs/gogs
Summary
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/18cf9256-23ab-4098-a769-85f8da130f97"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/15d0d6a94be0098a8227b6b95bdf2daed105ec41"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2024",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T15:39:21.393919Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T15:39:29.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-25T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/18cf9256-23ab-4098-a769-85f8da130f97"
},
{
"url": "https://github.com/gogs/gogs/commit/15d0d6a94be0098a8227b6b95bdf2daed105ec41"
}
],
"source": {
"advisory": "18cf9256-23ab-4098-a769-85f8da130f97",
"discovery": "EXTERNAL"
},
"title": "OS Command Injection in gogs/gogs"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2024",
"datePublished": "2023-02-25T00:00:00.000Z",
"dateReserved": "2022-06-08T00:00:00.000Z",
"dateUpdated": "2025-03-11T15:39:29.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1986 (GCVE-0-2022-1986)
Vulnerability from cvelistv5 – Published: 2022-06-09 03:35 – Updated: 2024-08-03 00:24
VLAI
Title
OS Command Injection in gogs/gogs
Summary
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.
Severity
10 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9… | x_refsource_CONFIRM |
| https://github.com/gogs/gogs/commit/38aff73251cc4… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/38aff73251cc46ced96dd608dab6190415032a82"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T03:35:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/38aff73251cc46ced96dd608dab6190415032a82"
}
],
"source": {
"advisory": "776e8f29-ff5e-4501-bb9f-0bd335007930",
"discovery": "EXTERNAL"
},
"title": "OS Command Injection in gogs/gogs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1986",
"STATE": "PUBLIC",
"TITLE": "OS Command Injection in gogs/gogs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gogs/gogs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.12.9"
}
]
}
}
]
},
"vendor_name": "gogs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930"
},
{
"name": "https://github.com/gogs/gogs/commit/38aff73251cc46ced96dd608dab6190415032a82",
"refsource": "MISC",
"url": "https://github.com/gogs/gogs/commit/38aff73251cc46ced96dd608dab6190415032a82"
}
]
},
"source": {
"advisory": "776e8f29-ff5e-4501-bb9f-0bd335007930",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1986",
"datePublished": "2022-06-09T03:35:11.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:44.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1993 (GCVE-0-2022-1993)
Vulnerability from cvelistv5 – Published: 2022-06-08 13:55 – Updated: 2024-08-03 00:24
VLAI
Title
Path Traversal in gogs/gogs
Summary
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
Severity
8.1 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c… | x_refsource_CONFIRM |
| https://github.com/gogs/gogs/commit/9bf748b6c4c9a… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/9bf748b6c4c9a17d3aa77f6b9abcfae65451febf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path Traversal in GitHub repository gogs/gogs prior to 0.12.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T13:55:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/9bf748b6c4c9a17d3aa77f6b9abcfae65451febf"
}
],
"source": {
"advisory": "22f9c074-cf60-4c67-b5c4-72fdf312609d",
"discovery": "EXTERNAL"
},
"title": "Path Traversal in gogs/gogs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1993",
"STATE": "PUBLIC",
"TITLE": "Path Traversal in gogs/gogs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gogs/gogs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.12.9"
}
]
}
}
]
},
"vendor_name": "gogs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Path Traversal in GitHub repository gogs/gogs prior to 0.12.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d"
},
{
"name": "https://github.com/gogs/gogs/commit/9bf748b6c4c9a17d3aa77f6b9abcfae65451febf",
"refsource": "MISC",
"url": "https://github.com/gogs/gogs/commit/9bf748b6c4c9a17d3aa77f6b9abcfae65451febf"
}
]
},
"source": {
"advisory": "22f9c074-cf60-4c67-b5c4-72fdf312609d",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1993",
"datePublished": "2022-06-08T13:55:11.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:44.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1992 (GCVE-0-2022-1992)
Vulnerability from cvelistv5 – Published: 2022-06-08 13:30 – Updated: 2024-08-03 00:24
VLAI
Title
Path Traversal in gogs/gogs
Summary
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
Severity
10 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/2e8cdc57-a9cf-46ae-908… | x_refsource_CONFIRM |
| https://github.com/gogs/gogs/commit/2ca014250fbf0… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:43.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/2e8cdc57-a9cf-46ae-9088-87f09e6c90ab"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/2ca014250fbf0bba94c914d9e43b1f6d8eca3bb0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path Traversal in GitHub repository gogs/gogs prior to 0.12.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T13:30:14.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/2e8cdc57-a9cf-46ae-9088-87f09e6c90ab"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/2ca014250fbf0bba94c914d9e43b1f6d8eca3bb0"
}
],
"source": {
"advisory": "2e8cdc57-a9cf-46ae-9088-87f09e6c90ab",
"discovery": "EXTERNAL"
},
"title": "Path Traversal in gogs/gogs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1992",
"STATE": "PUBLIC",
"TITLE": "Path Traversal in gogs/gogs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gogs/gogs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.12.9"
}
]
}
}
]
},
"vendor_name": "gogs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Path Traversal in GitHub repository gogs/gogs prior to 0.12.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2e8cdc57-a9cf-46ae-9088-87f09e6c90ab",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2e8cdc57-a9cf-46ae-9088-87f09e6c90ab"
},
{
"name": "https://github.com/gogs/gogs/commit/2ca014250fbf0bba94c914d9e43b1f6d8eca3bb0",
"refsource": "MISC",
"url": "https://github.com/gogs/gogs/commit/2ca014250fbf0bba94c914d9e43b1f6d8eca3bb0"
}
]
},
"source": {
"advisory": "2e8cdc57-a9cf-46ae-9088-87f09e6c90ab",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1992",
"datePublished": "2022-06-08T13:30:14.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:43.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1285 (GCVE-0-2022-1285)
Vulnerability from cvelistv5 – Published: 2022-06-01 05:55 – Updated: 2024-08-02 23:55
VLAI
Title
Server-Side Request Forgery (SSRF) in gogs/gogs
Summary
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.
Severity
8.3 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2… | x_refsource_CONFIRM |
| https://github.com/gogs/gogs/commit/7885f454a4946… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/7885f454a4946c4bbec1b4f8c603b5eea7429c7f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T05:55:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/7885f454a4946c4bbec1b4f8c603b5eea7429c7f"
}
],
"source": {
"advisory": "da1fbd6e-7a02-458e-9c2e-6d226c47046d",
"discovery": "EXTERNAL"
},
"title": "Server-Side Request Forgery (SSRF) in gogs/gogs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1285",
"STATE": "PUBLIC",
"TITLE": "Server-Side Request Forgery (SSRF) in gogs/gogs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gogs/gogs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.12.8"
}
]
}
}
]
},
"vendor_name": "gogs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d"
},
{
"name": "https://github.com/gogs/gogs/commit/7885f454a4946c4bbec1b4f8c603b5eea7429c7f",
"refsource": "MISC",
"url": "https://github.com/gogs/gogs/commit/7885f454a4946c4bbec1b4f8c603b5eea7429c7f"
}
]
},
"source": {
"advisory": "da1fbd6e-7a02-458e-9c2e-6d226c47046d",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1285",
"datePublished": "2022-06-01T05:55:10.000Z",
"dateReserved": "2022-04-09T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1464 (GCVE-0-2022-1464)
Vulnerability from cvelistv5 – Published: 2022-05-05 13:45 – Updated: 2024-08-03 00:03
VLAI
Title
Stored xss bug in gogs/gogs
Summary
Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account .
Severity
7.3 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f… | x_refsource_CONFIRM |
| https://github.com/gogs/gogs/commit/bc77440b301ac… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/bc77440b301ac8780698be91dff1ac33b7cee850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account ."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-05T13:45:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/bc77440b301ac8780698be91dff1ac33b7cee850"
}
],
"source": {
"advisory": "34a12146-3a5d-4efc-a0f8-7a3ae04b198d",
"discovery": "EXTERNAL"
},
"title": "Stored xss bug in gogs/gogs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1464",
"STATE": "PUBLIC",
"TITLE": "Stored xss bug in gogs/gogs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gogs/gogs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.12.7"
}
]
}
}
]
},
"vendor_name": "gogs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account ."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d"
},
{
"name": "https://github.com/gogs/gogs/commit/bc77440b301ac8780698be91dff1ac33b7cee850",
"refsource": "MISC",
"url": "https://github.com/gogs/gogs/commit/bc77440b301ac8780698be91dff1ac33b7cee850"
}
]
},
"source": {
"advisory": "34a12146-3a5d-4efc-a0f8-7a3ae04b198d",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1464",
"datePublished": "2022-05-05T13:45:12.000Z",
"dateReserved": "2022-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:06.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0415 (GCVE-0-2022-0415)
Vulnerability from cvelistv5 – Published: 2022-03-21 10:45 – Updated: 2024-08-02 23:25
VLAI
Title
Remote Command Execution in uploading repository file in gogs/gogs
Summary
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.
Severity
9.9 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/b4928cfe-4110-462f-a18… | x_refsource_CONFIRM |
| https://github.com/gogs/gogs/commit/0fef3c9082269… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/b4928cfe-4110-462f-a180-6d5673797902"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/0fef3c9082269e9a4e817274942a5d7c50617284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-21T10:45:13.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/b4928cfe-4110-462f-a180-6d5673797902"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/0fef3c9082269e9a4e817274942a5d7c50617284"
}
],
"source": {
"advisory": "b4928cfe-4110-462f-a180-6d5673797902",
"discovery": "EXTERNAL"
},
"title": "Remote Command Execution in uploading repository file in gogs/gogs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0415",
"STATE": "PUBLIC",
"TITLE": "Remote Command Execution in uploading repository file in gogs/gogs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gogs/gogs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.12.6"
}
]
}
}
]
},
"vendor_name": "gogs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b4928cfe-4110-462f-a180-6d5673797902",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b4928cfe-4110-462f-a180-6d5673797902"
},
{
"name": "https://github.com/gogs/gogs/commit/0fef3c9082269e9a4e817274942a5d7c50617284",
"refsource": "MISC",
"url": "https://github.com/gogs/gogs/commit/0fef3c9082269e9a4e817274942a5d7c50617284"
}
]
},
"source": {
"advisory": "b4928cfe-4110-462f-a180-6d5673797902",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0415",
"datePublished": "2022-03-21T10:45:13.000Z",
"dateReserved": "2022-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0870 (GCVE-0-2022-0870)
Vulnerability from cvelistv5 – Published: 2022-03-11 10:40 – Updated: 2024-08-02 23:40
VLAI
Title
Server-Side Request Forgery (SSRF) in gogs/gogs
Summary
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.
Severity
5 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/327797d7-ae41-498f-9bf… | x_refsource_CONFIRM |
| https://github.com/gogs/gogs/commit/91f2cde5e95f1… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T10:40:08.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb"
}
],
"source": {
"advisory": "327797d7-ae41-498f-9bff-cc0bf98cf531",
"discovery": "EXTERNAL"
},
"title": "Server-Side Request Forgery (SSRF) in gogs/gogs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0870",
"STATE": "PUBLIC",
"TITLE": "Server-Side Request Forgery (SSRF) in gogs/gogs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gogs/gogs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.12.5"
}
]
}
}
]
},
"vendor_name": "gogs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531"
},
{
"name": "https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb",
"refsource": "MISC",
"url": "https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb"
}
]
},
"source": {
"advisory": "327797d7-ae41-498f-9bff-cc0bf98cf531",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0870",
"datePublished": "2022-03-11T10:40:09.000Z",
"dateReserved": "2022-03-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:04.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0871 (GCVE-0-2022-0871)
Vulnerability from cvelistv5 – Published: 2022-03-11 00:00 – Updated: 2024-08-02 23:40
VLAI
Title
Missing Authorization in gogs/gogs
Summary
Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5.
Severity
8.2 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/ea82cfc9-b55c-41fe-ae58-0d0e0bd7ab62"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/64102be2c90e1b47dbdd379873ba76c80d4b0e78"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/ea82cfc9-b55c-41fe-ae58-0d0e0bd7ab62"
},
{
"url": "https://github.com/gogs/gogs/commit/64102be2c90e1b47dbdd379873ba76c80d4b0e78"
}
],
"source": {
"advisory": "ea82cfc9-b55c-41fe-ae58-0d0e0bd7ab62",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in gogs/gogs"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0871",
"datePublished": "2022-03-11T00:00:00.000Z",
"dateReserved": "2022-03-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:04.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1884 (GCVE-0-2022-1884)
Vulnerability from nvd – Published: 2024-11-15 10:53 – Updated: 2024-11-15 19:15
VLAI
Title
Remote Command Execution in gogs/gogs
Summary
A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file. If the `core.sshCommand` is set, this can lead to remote command execution.
Severity
10 (Critical)
10 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
1 reference
Impacted products
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "gogs",
"vendor": "gogs",
"versions": [
{
"lessThanOrEqual": "0.12.7",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-1884",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-11-15T19:13:14.910217Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T19:15:02.353Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThanOrEqual": "latest",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A remote command execution vulnerability exists in gogs/gogs versions \u003c=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file. If the `core.sshCommand` is set, this can lead to remote command execution."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-11-15T10:53:00.844Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntr_ai"
},
"references": [
{
"url": "https://huntr.com/bounties/9cd4e7b7-0979-4e5e-9a1c-388b58dea76b"
}
],
"source": {
"advisory": "9cd4e7b7-0979-4e5e-9a1c-388b58dea76b",
"discovery": "EXTERNAL"
},
"title": "Remote Command Execution in gogs/gogs"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntr_ai",
"cveId": "CVE-2022-1884",
"datePublished": "2024-11-15T10:53:00.844Z",
"dateReserved": "2022-05-25T12:20:16.450Z",
"dateUpdated": "2024-11-15T19:15:02.353Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-2024 (GCVE-0-2022-2024)
Vulnerability from nvd – Published: 2023-02-25 00:00 – Updated: 2025-03-11 15:39
VLAI
Title
OS Command Injection in gogs/gogs
Summary
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.
Severity
9.8 (Critical)
SSVC
Exploitation: poc
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/18cf9256-23ab-4098-a769-85f8da130f97"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/15d0d6a94be0098a8227b6b95bdf2daed105ec41"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-2024",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-03-11T15:39:21.393919Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-03-11T15:39:29.120Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.11",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-02-25T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/18cf9256-23ab-4098-a769-85f8da130f97"
},
{
"url": "https://github.com/gogs/gogs/commit/15d0d6a94be0098a8227b6b95bdf2daed105ec41"
}
],
"source": {
"advisory": "18cf9256-23ab-4098-a769-85f8da130f97",
"discovery": "EXTERNAL"
},
"title": "OS Command Injection in gogs/gogs"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-2024",
"datePublished": "2023-02-25T00:00:00.000Z",
"dateReserved": "2022-06-08T00:00:00.000Z",
"dateUpdated": "2025-03-11T15:39:29.120Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1986 (GCVE-0-2022-1986)
Vulnerability from nvd – Published: 2022-06-09 03:35 – Updated: 2024-08-03 00:24
VLAI
Title
OS Command Injection in gogs/gogs
Summary
OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.
Severity
10 (Critical)
CWE
- CWE-78 - Improper Neutralization of Special Elements used in an OS Command
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9… | x_refsource_CONFIRM |
| https://github.com/gogs/gogs/commit/38aff73251cc4… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.142Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/38aff73251cc46ced96dd608dab6190415032a82"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper Neutralization of Special Elements used in an OS Command",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-09T03:35:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/38aff73251cc46ced96dd608dab6190415032a82"
}
],
"source": {
"advisory": "776e8f29-ff5e-4501-bb9f-0bd335007930",
"discovery": "EXTERNAL"
},
"title": "OS Command Injection in gogs/gogs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1986",
"STATE": "PUBLIC",
"TITLE": "OS Command Injection in gogs/gogs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gogs/gogs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.12.9"
}
]
}
}
]
},
"vendor_name": "gogs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-78 Improper Neutralization of Special Elements used in an OS Command"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930"
},
{
"name": "https://github.com/gogs/gogs/commit/38aff73251cc46ced96dd608dab6190415032a82",
"refsource": "MISC",
"url": "https://github.com/gogs/gogs/commit/38aff73251cc46ced96dd608dab6190415032a82"
}
]
},
"source": {
"advisory": "776e8f29-ff5e-4501-bb9f-0bd335007930",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1986",
"datePublished": "2022-06-09T03:35:11.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:44.142Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1993 (GCVE-0-2022-1993)
Vulnerability from nvd – Published: 2022-06-08 13:55 – Updated: 2024-08-03 00:24
VLAI
Title
Path Traversal in gogs/gogs
Summary
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
Severity
8.1 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c… | x_refsource_CONFIRM |
| https://github.com/gogs/gogs/commit/9bf748b6c4c9a… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:44.031Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/9bf748b6c4c9a17d3aa77f6b9abcfae65451febf"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path Traversal in GitHub repository gogs/gogs prior to 0.12.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T13:55:11.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/9bf748b6c4c9a17d3aa77f6b9abcfae65451febf"
}
],
"source": {
"advisory": "22f9c074-cf60-4c67-b5c4-72fdf312609d",
"discovery": "EXTERNAL"
},
"title": "Path Traversal in gogs/gogs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1993",
"STATE": "PUBLIC",
"TITLE": "Path Traversal in gogs/gogs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gogs/gogs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.12.9"
}
]
}
}
]
},
"vendor_name": "gogs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Path Traversal in GitHub repository gogs/gogs prior to 0.12.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d"
},
{
"name": "https://github.com/gogs/gogs/commit/9bf748b6c4c9a17d3aa77f6b9abcfae65451febf",
"refsource": "MISC",
"url": "https://github.com/gogs/gogs/commit/9bf748b6c4c9a17d3aa77f6b9abcfae65451febf"
}
]
},
"source": {
"advisory": "22f9c074-cf60-4c67-b5c4-72fdf312609d",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1993",
"datePublished": "2022-06-08T13:55:11.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:44.031Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1992 (GCVE-0-2022-1992)
Vulnerability from nvd – Published: 2022-06-08 13:30 – Updated: 2024-08-03 00:24
VLAI
Title
Path Traversal in gogs/gogs
Summary
Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
Severity
10 (Critical)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/2e8cdc57-a9cf-46ae-908… | x_refsource_CONFIRM |
| https://github.com/gogs/gogs/commit/2ca014250fbf0… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:24:43.718Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/2e8cdc57-a9cf-46ae-9088-87f09e6c90ab"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/2ca014250fbf0bba94c914d9e43b1f6d8eca3bb0"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.9",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Path Traversal in GitHub repository gogs/gogs prior to 0.12.9."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-08T13:30:14.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/2e8cdc57-a9cf-46ae-9088-87f09e6c90ab"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/2ca014250fbf0bba94c914d9e43b1f6d8eca3bb0"
}
],
"source": {
"advisory": "2e8cdc57-a9cf-46ae-9088-87f09e6c90ab",
"discovery": "EXTERNAL"
},
"title": "Path Traversal in gogs/gogs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1992",
"STATE": "PUBLIC",
"TITLE": "Path Traversal in gogs/gogs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gogs/gogs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.12.9"
}
]
}
}
]
},
"vendor_name": "gogs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Path Traversal in GitHub repository gogs/gogs prior to 0.12.9."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/2e8cdc57-a9cf-46ae-9088-87f09e6c90ab",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/2e8cdc57-a9cf-46ae-9088-87f09e6c90ab"
},
{
"name": "https://github.com/gogs/gogs/commit/2ca014250fbf0bba94c914d9e43b1f6d8eca3bb0",
"refsource": "MISC",
"url": "https://github.com/gogs/gogs/commit/2ca014250fbf0bba94c914d9e43b1f6d8eca3bb0"
}
]
},
"source": {
"advisory": "2e8cdc57-a9cf-46ae-9088-87f09e6c90ab",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1992",
"datePublished": "2022-06-08T13:30:14.000Z",
"dateReserved": "2022-06-03T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:24:43.718Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1285 (GCVE-0-2022-1285)
Vulnerability from nvd – Published: 2022-06-01 05:55 – Updated: 2024-08-02 23:55
VLAI
Title
Server-Side Request Forgery (SSRF) in gogs/gogs
Summary
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.
Severity
8.3 (High)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2… | x_refsource_CONFIRM |
| https://github.com/gogs/gogs/commit/7885f454a4946… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:55:24.665Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/7885f454a4946c4bbec1b4f8c603b5eea7429c7f"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.8",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-06-01T05:55:10.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/7885f454a4946c4bbec1b4f8c603b5eea7429c7f"
}
],
"source": {
"advisory": "da1fbd6e-7a02-458e-9c2e-6d226c47046d",
"discovery": "EXTERNAL"
},
"title": "Server-Side Request Forgery (SSRF) in gogs/gogs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1285",
"STATE": "PUBLIC",
"TITLE": "Server-Side Request Forgery (SSRF) in gogs/gogs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gogs/gogs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.12.8"
}
]
}
}
]
},
"vendor_name": "gogs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 8.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c47046d"
},
{
"name": "https://github.com/gogs/gogs/commit/7885f454a4946c4bbec1b4f8c603b5eea7429c7f",
"refsource": "MISC",
"url": "https://github.com/gogs/gogs/commit/7885f454a4946c4bbec1b4f8c603b5eea7429c7f"
}
]
},
"source": {
"advisory": "da1fbd6e-7a02-458e-9c2e-6d226c47046d",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1285",
"datePublished": "2022-06-01T05:55:10.000Z",
"dateReserved": "2022-04-09T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:55:24.665Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-1464 (GCVE-0-2022-1464)
Vulnerability from nvd – Published: 2022-05-05 13:45 – Updated: 2024-08-03 00:03
VLAI
Title
Stored xss bug in gogs/gogs
Summary
Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account .
Severity
7.3 (High)
CWE
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f… | x_refsource_CONFIRM |
| https://github.com/gogs/gogs/commit/bc77440b301ac… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T00:03:06.270Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/bc77440b301ac8780698be91dff1ac33b7cee850"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.7",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account ."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-79",
"description": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-05-05T13:45:12.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/bc77440b301ac8780698be91dff1ac33b7cee850"
}
],
"source": {
"advisory": "34a12146-3a5d-4efc-a0f8-7a3ae04b198d",
"discovery": "EXTERNAL"
},
"title": "Stored xss bug in gogs/gogs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-1464",
"STATE": "PUBLIC",
"TITLE": "Stored xss bug in gogs/gogs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gogs/gogs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.12.7"
}
]
}
}
]
},
"vendor_name": "gogs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stored xss bug in GitHub repository gogs/gogs prior to 0.12.7. As the repo is public , any user can view the report and when open the attachment then xss is executed. This bug allow executed any javascript code in victim account ."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.3,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-79 Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/34a12146-3a5d-4efc-a0f8-7a3ae04b198d"
},
{
"name": "https://github.com/gogs/gogs/commit/bc77440b301ac8780698be91dff1ac33b7cee850",
"refsource": "MISC",
"url": "https://github.com/gogs/gogs/commit/bc77440b301ac8780698be91dff1ac33b7cee850"
}
]
},
"source": {
"advisory": "34a12146-3a5d-4efc-a0f8-7a3ae04b198d",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-1464",
"datePublished": "2022-05-05T13:45:12.000Z",
"dateReserved": "2022-04-25T00:00:00.000Z",
"dateUpdated": "2024-08-03T00:03:06.270Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0415 (GCVE-0-2022-0415)
Vulnerability from nvd – Published: 2022-03-21 10:45 – Updated: 2024-08-02 23:25
VLAI
Title
Remote Command Execution in uploading repository file in gogs/gogs
Summary
Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6.
Severity
9.9 (Critical)
CWE
- CWE-20 - Improper Input Validation
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/b4928cfe-4110-462f-a18… | x_refsource_CONFIRM |
| https://github.com/gogs/gogs/commit/0fef3c9082269… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:25:40.311Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/b4928cfe-4110-462f-a180-6d5673797902"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/0fef3c9082269e9a4e817274942a5d7c50617284"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.6",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-20",
"description": "CWE-20 Improper Input Validation",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-21T10:45:13.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/b4928cfe-4110-462f-a180-6d5673797902"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/0fef3c9082269e9a4e817274942a5d7c50617284"
}
],
"source": {
"advisory": "b4928cfe-4110-462f-a180-6d5673797902",
"discovery": "EXTERNAL"
},
"title": "Remote Command Execution in uploading repository file in gogs/gogs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0415",
"STATE": "PUBLIC",
"TITLE": "Remote Command Execution in uploading repository file in gogs/gogs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gogs/gogs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.12.6"
}
]
}
}
]
},
"vendor_name": "gogs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Remote Command Execution in uploading repository file in GitHub repository gogs/gogs prior to 0.12.6."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.9,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-20 Improper Input Validation"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/b4928cfe-4110-462f-a180-6d5673797902",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/b4928cfe-4110-462f-a180-6d5673797902"
},
{
"name": "https://github.com/gogs/gogs/commit/0fef3c9082269e9a4e817274942a5d7c50617284",
"refsource": "MISC",
"url": "https://github.com/gogs/gogs/commit/0fef3c9082269e9a4e817274942a5d7c50617284"
}
]
},
"source": {
"advisory": "b4928cfe-4110-462f-a180-6d5673797902",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0415",
"datePublished": "2022-03-21T10:45:13.000Z",
"dateReserved": "2022-01-30T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:25:40.311Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0871 (GCVE-0-2022-0871)
Vulnerability from nvd – Published: 2022-03-11 00:00 – Updated: 2024-08-02 23:40
VLAI
Title
Missing Authorization in gogs/gogs
Summary
Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5.
Severity
8.2 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.494Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://huntr.dev/bounties/ea82cfc9-b55c-41fe-ae58-0d0e0bd7ab62"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/64102be2c90e1b47dbdd379873ba76c80d4b0e78"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Missing Authorization in GitHub repository gogs/gogs prior to 0.12.5."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-06-29T00:00:00.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"url": "https://huntr.dev/bounties/ea82cfc9-b55c-41fe-ae58-0d0e0bd7ab62"
},
{
"url": "https://github.com/gogs/gogs/commit/64102be2c90e1b47dbdd379873ba76c80d4b0e78"
}
],
"source": {
"advisory": "ea82cfc9-b55c-41fe-ae58-0d0e0bd7ab62",
"discovery": "EXTERNAL"
},
"title": "Missing Authorization in gogs/gogs"
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0871",
"datePublished": "2022-03-11T00:00:00.000Z",
"dateReserved": "2022-03-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:04.494Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2022-0870 (GCVE-0-2022-0870)
Vulnerability from nvd – Published: 2022-03-11 10:40 – Updated: 2024-08-02 23:40
VLAI
Title
Server-Side Request Forgery (SSRF) in gogs/gogs
Summary
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5.
Severity
5 (Medium)
CWE
- CWE-918 - Server-Side Request Forgery (SSRF)
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://huntr.dev/bounties/327797d7-ae41-498f-9bf… | x_refsource_CONFIRM |
| https://github.com/gogs/gogs/commit/91f2cde5e95f1… | x_refsource_MISC |
Impacted products
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T23:40:04.563Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "gogs/gogs",
"vendor": "gogs",
"versions": [
{
"lessThan": "0.12.5",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5."
}
],
"metrics": [
{
"cvssV3_0": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-918",
"description": "CWE-918 Server-Side Request Forgery (SSRF)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-03-11T10:40:08.000Z",
"orgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"shortName": "@huntrdev"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb"
}
],
"source": {
"advisory": "327797d7-ae41-498f-9bff-cc0bf98cf531",
"discovery": "EXTERNAL"
},
"title": "Server-Side Request Forgery (SSRF) in gogs/gogs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@huntr.dev",
"ID": "CVE-2022-0870",
"STATE": "PUBLIC",
"TITLE": "Server-Side Request Forgery (SSRF) in gogs/gogs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "gogs/gogs",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "0.12.5"
}
]
}
}
]
},
"vendor_name": "gogs"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
"version": "3.0"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-918 Server-Side Request Forgery (SSRF)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531",
"refsource": "CONFIRM",
"url": "https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531"
},
{
"name": "https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb",
"refsource": "MISC",
"url": "https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb"
}
]
},
"source": {
"advisory": "327797d7-ae41-498f-9bff-cc0bf98cf531",
"discovery": "EXTERNAL"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "c09c270a-b464-47c1-9133-acb35b22c19a",
"assignerShortName": "@huntrdev",
"cveId": "CVE-2022-0870",
"datePublished": "2022-03-11T10:40:09.000Z",
"dateReserved": "2022-03-06T00:00:00.000Z",
"dateUpdated": "2024-08-02T23:40:04.563Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}