CVE-2019-14544Missing Authorization in Gogs

CWE-862Missing AuthorizationCWE-200Sensitive Information Exposure4 documents3 sources
Severity
9.8CRITICALNVD
EPSS
0.3%
top 46.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Gogs.io GogsGogs
Timeline
PublishedAug 2
Latest updateAug 21

Description

routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

Gogogs.io/gogs< 0.11.91
NVDgogs/gogs0.11.86

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

3
OSV
Insecure Permissions in Gogs in gogs.io/gogs2024-08-21
OSV
Insecure Permissions in Gogs2021-05-18
GHSA
Insecure Permissions in Gogs2021-05-18