CVE-2022-0870

Name of the Vulnerable Software and Affected Versions gogs versions prior to 0.12.5

Description The issue is related to Server-Side Request Forgery (SSRF) in the repository migration functionality of gogs. This allows a malicious user to discover services in the internal network. All installations that accept public traffic are affected. The internal network CIDRs are prohibited from being used as repository migration targets.

Recommendations For versions prior to 0.12.5, upgrade to 0.12.5 or the latest 0.13.0+dev to resolve the issue. As a temporary workaround, consider running gogs in its own private network until an update can be applied. Restrict access to the repository migration functionality to minimize the risk of exploitation.