Gogs 0.12.8 Release Candidate 1

CPE Details

Gogs 0.12.8 Release Candidate 1
gogs
gogs
0.12.8
2022-06-13
16h09 +00:00
2022-06-14
11h22 +00:00
CPE NVD
Alerte pour un CPE
Stay informed of any changes for a specific CPE.
Notifications manage

CPE Name: cpe:2.3:a:gogs:gogs:0.12.8:rc1:*:*:*:*:*:*

Informations

Vendor

gogs

Product

gogs

Version

0.12.8

Update

rc1

Related CVE

Open and find in CVE List

CVE ID Published Description Score Severity
CVE-2024-55947 2024-12-23 15h26 +00:00 Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1.
8.7
High
CVE-2024-54148 2024-12-23 15h22 +00:00 Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1.
8.7
High
CVE-2024-44625 2024-11-14 23h00 +00:00 Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go.
8.8
High
CVE-2024-39930 2024-07-03 22h00 +00:00 The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected.
9.9
Critical
CVE-2024-39931 2024-07-03 22h00 +00:00 Gogs through 0.13.0 allows deletion of internal files.
9.9
Critical
CVE-2024-39932 2024-07-03 22h00 +00:00 Gogs through 0.13.0 allows argument injection during the previewing of changes.
9.9
Critical
CVE-2024-39933 2024-07-03 22h00 +00:00 Gogs through 0.13.0 allows argument injection during the tagging of a new release.
7.7
High
CVE-2022-2024 2023-02-25 00h00 +00:00 OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11.
9.8
Critical
CVE-2022-32174 2022-10-11 14h20 +00:00 In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover.
9
Critical
CVE-2022-1986 2022-06-09 01h35 +00:00 OS Command Injection in GitHub repository gogs/gogs prior to 0.12.9.
9.8
Critical
CVE-2022-31038 2022-06-08 17h40 +00:00 Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters.
5.4
Medium
CVE-2022-1993 2022-06-08 11h55 +00:00 Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
8.1
High
CVE-2022-1992 2022-06-08 11h30 +00:00 Path Traversal in GitHub repository gogs/gogs prior to 0.12.9.
9.1
Critical
The information presented on CVE Find originates from several carefully selected reference sources. CVE data is provided by MITRE Corporation and the National Vulnerability Database (NVD). The Known Exploited Vulnerabilities (KEV) catalog is sourced from the Cybersecurity and Infrastructure Security Agency (CISA), while EPSS scores come from FIRST.org. Additionally, data regarding software weaknesses (CWE) and common attack patterns (CAPEC) is maintained by MITRE Corporation, and information on hardware and software configurations (CPE) is provided by the NVD.