Gogs.Io Gogs vulnerabilities
50 known vulnerabilities affecting gogs.io/gogs.
Total CVEs: 50
CISA KEV: 1 (actively exploited)
Public exploits: 7
Exploited in wild: 0
Severity breakdown: CRITICAL 14, HIGH 18, MEDIUM 18
Vulnerabilities
Page 3 of 3
CVE-2018-17031 | MEDIUM | affected ≥ 0, < 0.12.0 | 2022-05-14
CVE-2018-17031 [MEDIUM] CWE-79 Gogs XSS Vulnerability
In Gogs 0.11.53, an attacker can use a crafted .eml file to trigger MIME type sniffing, which leads to XSS, as demonstrated by Internet Explorer, because an "X-Content-Type-Options: nosniff" header is not sent.
CVE-2022-0415 | HIGH (PoC) | affected ≥ 0, < 0.12.6 | 2022-03-28
CVE-2022-0415 [HIGH] CWE-20 Unrestricted Upload of File with Dangerous Type in Gogs
### Impact
A malicious user is able to upload a crafted `config` file into a repository's `.git` directory to gain SSH access to the server. All installations with [repository upload enabled (default)](https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129) are affected.
### Patches
Repository file uploads
CVE-2022-0871 | HIGH | affected ≥ 0, < 0.12.5 | 2022-03-14
CVE-2022-0871 [HIGH] CWE-862 Gogs vulnerable to improper PAM authorization handling
### Impact
Expired PAM accounts and accounts with expired passwords continue to be treated as valid. Installations that use PAM as an authentication source are affected.
### Patches
Expired PAM accounts and accounts with expired passwords are no longer treated as valid. Users should upgrade to 0.12.5 or the latest 0.13.0+dev.
### Workarounds
In addition t
CVE-2022-0870 | MEDIUM (PoC) | affected ≥ 0, < 0.12.5 | 2022-03-12
CVE-2022-0870 [MEDIUM] CWE-918 SSRF in repository migration
Gogs is a self-hosted Git service. A malicious user is able to discover services in the internal network through the repository migration functionality. All installations accepting public traffic are affected. Internal network CIDRs are now prohibited as repository migration targets. Users should upgrade to 0.12.5 or the latest 0.13.0+dev. Gogs should be run in its own private network until users can u
CVE-2014-8682 | HIGH (PoC) | affected ≥ 0.3.1, < 0.5.8 | 2021-06-29
CVE-2014-8682 [HIGH] CWE-89 SQL Injection in Gogs
Multiple SQL injection vulnerabilities in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.6.1105 Beta allow remote attackers to execute arbitrary SQL commands via the q parameter to (1) api/v1/repos/search, which is not properly handled in models/repo.go, or (2) api/v1/users/search, which is not properly handled in models/user.go.
CVE-2014-8683 | MEDIUM | affected ≥ 0.3.1, < 0.5.8 | 2021-06-29
CVE-2014-8683 [MEDIUM] CWE-79 Cross-site Scripting in Gogs
Cross-site scripting (XSS) vulnerability in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.x before 0.5.8 allows remote attackers to inject arbitrary web script or HTML via the text parameter to api/v1/markdown.
CVE-2018-15178 | MEDIUM | affected ≥ 0, < 0.12.0 | 2021-06-29
CVE-2018-15178 [MEDIUM] CWE-601 Open Redirect
Open redirect vulnerability in Gogs before 0.12 allows remote attackers to redirect users to arbitrary websites and conduct phishing attacks via an initial /\ substring in the user/login redirect_to parameter, related to the function isValidRedirect in routes/user/auth.go.
CVE-2014-8681 | MEDIUM (PoC) | affected ≥ 0.3.1, < 0.5.8 | 2021-06-29
CVE-2014-8681 [MEDIUM] CWE-89 SQL Injection in gogs.io/gogs
SQL injection vulnerability in the GetIssues function in models/issue.go in Gogs (aka Go Git Service) 0.3.1-9 through 0.5.6.x before 0.5.6.1025 Beta allows remote attackers to execute arbitrary SQL commands via the label parameter to user/repos/issues.
CVE-2019-14544 | CRITICAL | affected ≥ 0, < 0.11.91 | 2021-05-18
CVE-2019-14544 [CRITICAL] CWE-200 Insecure Permissions in Gogs
routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks.
CVE-2020-14958 | MEDIUM | affected ≥ 0, < 0.12.0 | 2021-05-18
CVE-2020-14958 [MEDIUM] CWE-281 Insecure Permissions in Gogs
In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check.