Gogs 0.12.9 Release Candidate 1

CPE Details

Gogs 0.12.9 Release Candidate 1
0.12.9
2022-06-13 16h10 +00:00
2022-06-14 11h22 +00:00
CPE Name: cpe:2.3:a:gogs:gogs:0.12.9:rc1:*:*:*:*:*:*

Information

Vendor: gogs

Product: gogs

Version: 0.12.9

Update: rc1

Related CVE

| CVE ID | Published | Description | Score | Severity |
|---|---|---|---|---|
| CVE-2024-55947 | 2024-12-23 15h26 +00:00 | Gogs is an open source self-hosted Git service. A malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server. The vulnerability is fixed in 0.13.1. | 8.7 | High |
| CVE-2024-54148 | 2024-12-23 15h22 +00:00 | Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1. | 8.7 | High |
| CVE-2024-44625 | 2024-11-14 23h00 +00:00 | Gogs <=0.13.0 is vulnerable to Directory Traversal via the editFilePost function of internal/route/repo/editor.go. | 8.8 | High |
| CVE-2024-39930 | 2024-07-03 22h00 +00:00 | The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected. | 9.9 | Critical |
| CVE-2024-39931 | 2024-07-03 22h00 +00:00 | Gogs through 0.13.0 allows deletion of internal files. | 9.9 | Critical |
| CVE-2024-39932 | 2024-07-03 22h00 +00:00 | Gogs through 0.13.0 allows argument injection during the previewing of changes. | 9.9 | Critical |
| CVE-2024-39933 | 2024-07-03 22h00 +00:00 | Gogs through 0.13.0 allows argument injection during the tagging of a new release. | 7.7 | High |
| CVE-2022-2024 | 2023-02-25 00h00 +00:00 | OS Command Injection in GitHub repository gogs/gogs prior to 0.12.11. | 9.8 | Critical |
| CVE-2022-32174 | 2022-10-11 14h20 +00:00 | In Gogs, versions v0.6.5 through v0.12.10 are vulnerable to Stored Cross-Site Scripting (XSS) that leads to an account takeover. | 9 | Critical |