Gogs: >> Gogs >> 0.11.53 Security Vulnerabilities
In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925.
CVSS Score
7.5
EPSS Score
0.025
Published
2018-12-20
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron.
CVSS Score
9.8
EPSS Score
0.937
Published
2018-11-04
In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header is not sent.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-09-14
In Gogs 0.11.53, an attacker can use migrate to send arbitrary HTTP GET requests, leading to SSRF.
CVSS Score
8.6
EPSS Score
0.002
Published
2018-09-03
An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services.
CVSS Score
8.6
EPSS Score
0.003
Published
2018-08-08
A CSRF vulnerability in the admin panel in Gogs through 0.11.53 allows remote attackers to execute admin operations via a crafted issue / link.
CVSS Score
8.8
EPSS Score
0.002
Published
2018-08-08
Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go.
CVSS Score
6.1
EPSS Score
0.002
Published
2018-08-08
Page 5