Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2018-18925

Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.922
EPSS Ranking 99.7%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
Products affected by CVE-2018-18925
  • Gogs » Gogs » Version: N/A
    cpe:2.3:a:gogs:gogs:-
  • Gogs » Gogs » Version: 0.10
    cpe:2.3:a:gogs:gogs:0.10
  • Gogs » Gogs » Version: 0.10.1
    cpe:2.3:a:gogs:gogs:0.10.1
  • Gogs » Gogs » Version: 0.10.18
    cpe:2.3:a:gogs:gogs:0.10.18
  • Gogs » Gogs » Version: 0.10.8
    cpe:2.3:a:gogs:gogs:0.10.8
  • Gogs » Gogs » Version: 0.11
    cpe:2.3:a:gogs:gogs:0.11
  • Gogs » Gogs » Version: 0.11.19
    cpe:2.3:a:gogs:gogs:0.11.19
  • Gogs » Gogs » Version: 0.11.29
    cpe:2.3:a:gogs:gogs:0.11.29
  • Gogs » Gogs » Version: 0.11.33
    cpe:2.3:a:gogs:gogs:0.11.33
  • Gogs » Gogs » Version: 0.11.34
    cpe:2.3:a:gogs:gogs:0.11.34
  • Gogs » Gogs » Version: 0.11.4
    cpe:2.3:a:gogs:gogs:0.11.4
  • Gogs » Gogs » Version: 0.11.43
    cpe:2.3:a:gogs:gogs:0.11.43
  • Gogs » Gogs » Version: 0.11.53
    cpe:2.3:a:gogs:gogs:0.11.53
  • Gogs » Gogs » Version: 0.11.66
    cpe:2.3:a:gogs:gogs:0.11.66
  • Gogs » Gogs » Version: 0.2.0
    cpe:2.3:a:gogs:gogs:0.2.0
  • Gogs » Gogs » Version: 0.3.0
    cpe:2.3:a:gogs:gogs:0.3.0
  • Gogs » Gogs » Version: 0.3.1
    cpe:2.3:a:gogs:gogs:0.3.1
  • Gogs » Gogs » Version: 0.4.0
    cpe:2.3:a:gogs:gogs:0.4.0
  • Gogs » Gogs » Version: 0.4.1
    cpe:2.3:a:gogs:gogs:0.4.1
  • Gogs » Gogs » Version: 0.4.2
    cpe:2.3:a:gogs:gogs:0.4.2
  • Gogs » Gogs » Version: 0.5.0
    cpe:2.3:a:gogs:gogs:0.5.0
  • Gogs » Gogs » Version: 0.5.11
    cpe:2.3:a:gogs:gogs:0.5.11
  • Gogs » Gogs » Version: 0.5.13
    cpe:2.3:a:gogs:gogs:0.5.13
  • Gogs » Gogs » Version: 0.5.2
    cpe:2.3:a:gogs:gogs:0.5.2
  • Gogs » Gogs » Version: 0.5.5
    cpe:2.3:a:gogs:gogs:0.5.5
  • Gogs » Gogs » Version: 0.5.8
    cpe:2.3:a:gogs:gogs:0.5.8
  • Gogs » Gogs » Version: 0.5.9
    cpe:2.3:a:gogs:gogs:0.5.9
  • Gogs » Gogs » Version: 0.6.0
    cpe:2.3:a:gogs:gogs:0.6.0
  • Gogs » Gogs » Version: 0.6.1
    cpe:2.3:a:gogs:gogs:0.6.1
  • Gogs » Gogs » Version: 0.6.15
    cpe:2.3:a:gogs:gogs:0.6.15
  • Gogs » Gogs » Version: 0.6.3
    cpe:2.3:a:gogs:gogs:0.6.3
  • Gogs » Gogs » Version: 0.6.5
    cpe:2.3:a:gogs:gogs:0.6.5
  • Gogs » Gogs » Version: 0.6.9
    cpe:2.3:a:gogs:gogs:0.6.9
  • Gogs » Gogs » Version: 0.7.0
    cpe:2.3:a:gogs:gogs:0.7.0
  • Gogs » Gogs » Version: 0.7.19
    cpe:2.3:a:gogs:gogs:0.7.19
  • Gogs » Gogs » Version: 0.7.22
    cpe:2.3:a:gogs:gogs:0.7.22
  • Gogs » Gogs » Version: 0.7.33
    cpe:2.3:a:gogs:gogs:0.7.33
  • Gogs » Gogs » Version: 0.7.6
    cpe:2.3:a:gogs:gogs:0.7.6
  • Gogs » Gogs » Version: 0.8.0
    cpe:2.3:a:gogs:gogs:0.8.0
  • Gogs » Gogs » Version: 0.8.10
    cpe:2.3:a:gogs:gogs:0.8.10
  • Gogs » Gogs » Version: 0.8.25
    cpe:2.3:a:gogs:gogs:0.8.25
  • Gogs » Gogs » Version: 0.8.43
    cpe:2.3:a:gogs:gogs:0.8.43
  • Gogs » Gogs » Version: 0.9.0
    cpe:2.3:a:gogs:gogs:0.9.0
  • Gogs » Gogs » Version: 0.9.113
    cpe:2.3:a:gogs:gogs:0.9.113
  • Gogs » Gogs » Version: 0.9.128
    cpe:2.3:a:gogs:gogs:0.9.128
  • Gogs » Gogs » Version: 0.9.13
    cpe:2.3:a:gogs:gogs:0.9.13
  • Gogs » Gogs » Version: 0.9.141
    cpe:2.3:a:gogs:gogs:0.9.141
  • Gogs » Gogs » Version: 0.9.46
    cpe:2.3:a:gogs:gogs:0.9.46
  • Gogs » Gogs » Version: 0.9.48
    cpe:2.3:a:gogs:gogs:0.9.48
  • Gogs » Gogs » Version: 0.9.60
    cpe:2.3:a:gogs:gogs:0.9.60
  • Gogs » Gogs » Version: 0.9.71
    cpe:2.3:a:gogs:gogs:0.9.71
  • Gogs » Gogs » Version: 0.9.97
    cpe:2.3:a:gogs:gogs:0.9.97


Products
Pricing
Contact Us

Shodan ® - All rights reserved