Known Vulnerabilities for products from Gogs
Listed below are 13 of the newest known vulnerabilities associated with the vendor "Gogs".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2022-0415 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-03-21 | 2022-03-25 |
| CVE-2021-32546 | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new secur... | 8.8 - HIGH | 2022-06-02 | 2022-06-09 |
| CVE-2020-15867 | The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege es... | 7.2 - HIGH | 2020-10-16 | 2022-04-26 |
| CVE-2020-14958 | In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check. | 6.5 - MEDIUM | 2020-06-21 | 2020-06-26 |
| CVE-2020-9329 | Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race ... | 5.9 - MEDIUM | 2020-02-21 | 2020-02-25 |
| CVE-2019-14544 | routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks. | 9.8 - CRITICAL | 2019-08-02 | 2020-08-24 |
| CVE-2018-20303 | In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker... | 7.5 - HIGH | 2018-12-20 | 2019-01-31 |
| CVE-2018-18925 | Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." sessio... | 9.8 - CRITICAL | 2018-11-04 | 2019-01-29 |
| CVE-2018-17031 | In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated b... | 6.1 - MEDIUM | 2018-09-14 | 2018-11-07 |
| CVE-2018-16409 | In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF. | 8.6 - HIGH | 2018-09-03 | 2018-11-06 |
| CVE-2018-15193 | A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a cra... | 8.8 - HIGH | 2018-08-08 | 2018-10-05 |
| CVE-2018-15192 | An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intra... | 8.6 - HIGH | 2018-08-08 | 2018-10-18 |
| CVE-2018-15178 | Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct p... | 6.1 - MEDIUM | 2018-08-08 | 2018-10-05 |
Known software with vulnerabilities from Gogs
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Gogs | Gogs | 0.2.0 |