Shodan
Vulnerabilities
Vulnerable Software

Vulnerability Details CVE-2020-15867

The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges. NOTE: because this is mentioned in the documentation but not in the UI, it could be considered a "Product UI does not Warn User of Unsafe Actions" issue.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.911
EPSS Ranking 99.6%
CVSS Severity
CVSS v3 Score 7.2
CVSS v2 Score 6.5
Products affected by CVE-2020-15867
  • Gogs » Gogs » Version: 0.10
    cpe:2.3:a:gogs:gogs:0.10
  • Gogs » Gogs » Version: 0.10.1
    cpe:2.3:a:gogs:gogs:0.10.1
  • Gogs » Gogs » Version: 0.10.18
    cpe:2.3:a:gogs:gogs:0.10.18
  • Gogs » Gogs » Version: 0.10.8
    cpe:2.3:a:gogs:gogs:0.10.8
  • Gogs » Gogs » Version: 0.11
    cpe:2.3:a:gogs:gogs:0.11
  • Gogs » Gogs » Version: 0.11.19
    cpe:2.3:a:gogs:gogs:0.11.19
  • Gogs » Gogs » Version: 0.11.29
    cpe:2.3:a:gogs:gogs:0.11.29
  • Gogs » Gogs » Version: 0.11.33
    cpe:2.3:a:gogs:gogs:0.11.33
  • Gogs » Gogs » Version: 0.11.34
    cpe:2.3:a:gogs:gogs:0.11.34
  • Gogs » Gogs » Version: 0.11.4
    cpe:2.3:a:gogs:gogs:0.11.4
  • Gogs » Gogs » Version: 0.11.43
    cpe:2.3:a:gogs:gogs:0.11.43
  • Gogs » Gogs » Version: 0.11.53
    cpe:2.3:a:gogs:gogs:0.11.53
  • Gogs » Gogs » Version: 0.11.66
    cpe:2.3:a:gogs:gogs:0.11.66
  • Gogs » Gogs » Version: 0.11.79
    cpe:2.3:a:gogs:gogs:0.11.79
  • Gogs » Gogs » Version: 0.11.82.1218
    cpe:2.3:a:gogs:gogs:0.11.82.1218
  • Gogs » Gogs » Version: 0.11.86
    cpe:2.3:a:gogs:gogs:0.11.86
  • Gogs » Gogs » Version: 0.11.91
    cpe:2.3:a:gogs:gogs:0.11.91
  • Gogs » Gogs » Version: 0.12
    cpe:2.3:a:gogs:gogs:0.12
  • Gogs » Gogs » Version: 0.12.2
    cpe:2.3:a:gogs:gogs:0.12.2
  • Gogs » Gogs » Version: 0.5.11
    cpe:2.3:a:gogs:gogs:0.5.11
  • Gogs » Gogs » Version: 0.5.13
    cpe:2.3:a:gogs:gogs:0.5.13
  • Gogs » Gogs » Version: 0.5.5
    cpe:2.3:a:gogs:gogs:0.5.5
  • Gogs » Gogs » Version: 0.5.8
    cpe:2.3:a:gogs:gogs:0.5.8
  • Gogs » Gogs » Version: 0.5.9
    cpe:2.3:a:gogs:gogs:0.5.9
  • Gogs » Gogs » Version: 0.6.0
    cpe:2.3:a:gogs:gogs:0.6.0
  • Gogs » Gogs » Version: 0.6.1
    cpe:2.3:a:gogs:gogs:0.6.1
  • Gogs » Gogs » Version: 0.6.15
    cpe:2.3:a:gogs:gogs:0.6.15
  • Gogs » Gogs » Version: 0.6.3
    cpe:2.3:a:gogs:gogs:0.6.3
  • Gogs » Gogs » Version: 0.6.5
    cpe:2.3:a:gogs:gogs:0.6.5
  • Gogs » Gogs » Version: 0.6.9
    cpe:2.3:a:gogs:gogs:0.6.9
  • Gogs » Gogs » Version: 0.7.0
    cpe:2.3:a:gogs:gogs:0.7.0
  • Gogs » Gogs » Version: 0.7.19
    cpe:2.3:a:gogs:gogs:0.7.19
  • Gogs » Gogs » Version: 0.7.22
    cpe:2.3:a:gogs:gogs:0.7.22
  • Gogs » Gogs » Version: 0.7.33
    cpe:2.3:a:gogs:gogs:0.7.33
  • Gogs » Gogs » Version: 0.7.6
    cpe:2.3:a:gogs:gogs:0.7.6
  • Gogs » Gogs » Version: 0.8.0
    cpe:2.3:a:gogs:gogs:0.8.0
  • Gogs » Gogs » Version: 0.8.10
    cpe:2.3:a:gogs:gogs:0.8.10
  • Gogs » Gogs » Version: 0.8.25
    cpe:2.3:a:gogs:gogs:0.8.25
  • Gogs » Gogs » Version: 0.8.43
    cpe:2.3:a:gogs:gogs:0.8.43
  • Gogs » Gogs » Version: 0.9.0
    cpe:2.3:a:gogs:gogs:0.9.0
  • Gogs » Gogs » Version: 0.9.113
    cpe:2.3:a:gogs:gogs:0.9.113
  • Gogs » Gogs » Version: 0.9.128
    cpe:2.3:a:gogs:gogs:0.9.128
  • Gogs » Gogs » Version: 0.9.13
    cpe:2.3:a:gogs:gogs:0.9.13
  • Gogs » Gogs » Version: 0.9.141
    cpe:2.3:a:gogs:gogs:0.9.141
  • Gogs » Gogs » Version: 0.9.46
    cpe:2.3:a:gogs:gogs:0.9.46
  • Gogs » Gogs » Version: 0.9.48
    cpe:2.3:a:gogs:gogs:0.9.48
  • Gogs » Gogs » Version: 0.9.60
    cpe:2.3:a:gogs:gogs:0.9.60
  • Gogs » Gogs » Version: 0.9.71
    cpe:2.3:a:gogs:gogs:0.9.71
  • Gogs » Gogs » Version: 0.9.97
    cpe:2.3:a:gogs:gogs:0.9.97


Products
Pricing
Contact Us

Shodan ® - All rights reserved