CVE-2018-15178 — Open Redirect in Gogs

CWE-601 — Open Redirect4 documents3 sources

Severity

6.1MEDIUMNVD

EPSS

0.2%

top 54.22%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Gogs.io Gogs Gogs

Timeline

PublishedAug 8

Latest updateAug 21

Description

Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:NExploitability: 2.8 | Impact: 2.7

Affected Packages2 packages

▶NVDgogs/gogs< 0.12

▶Gogogs.io/gogs< 0.12.0

🔴Vulnerability Details

OSV

Open Redirect in gogs.io/gogs↗2024-08-21

▶

OSV

Open Redirect↗2021-06-29

▶

GHSA

Open Redirect↗2021-06-29

▶