PT-2022-13489 · Gogs · Gogs
Published: 2022-03-11 · Updated: 2024-08-21 · CVE-2022-0871
CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions
gogs versions prior to 0.12.5
Description
The issue concerns improper authorization handling in installations that use PAM as an authentication source. Expired PAM accounts and accounts with expired passwords continue to be treated as valid.
Recommendations
For versions prior to 0.12.5, upgrade to 0.12.5 or the latest 0.13.0+dev.
As a temporary workaround, in addition to marking PAM accounts as expired, also disable/lock them by running usermod -L <username>.
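An added example (not part of the original advisory and not Gogs code): a shell function that reads shadow-format lines on stdin and lists accounts that are expired but not yet locked, which are the accounts the workaround above says to lock with usermod -L. The function names, the sample entries and the day number 19500 are constructed for illustration; password expiry is simplified to "older than the maximum age" and ignores the inactivity period.

```shell
#!/bin/sh
# Added example, not from the advisory: find accounts that are expired in
# shadow(5) terms but still have a usable (unlocked) password field.

# Reads shadow-format lines on stdin; $1 = today in days since 1970-01-01
# (defaults to the current date). Prints "user:reason" per finding.
expired_unlocked() {
    today=${1:-$(( $(date +%s) / 86400 ))}
    awk -F: -v today="$today" '
        # usermod -L prefixes the hash with "!"; "*" also blocks password login.
        $2 ~ /^[!*]/ { next }
        {
            reason = ""
            # Field 8 is the account expiration date (days since epoch).
            # Fields 3 and 5 are the last change and maximum password age.
            # Simplification: the inactivity period (field 7) is ignored.
            if ($8 != "" && today >= $8 + 0) {
                reason = "account-expired"
            } else if ($3 != "" && $5 != "" && today - $3 > $5 + 0) {
                reason = "password-expired"
            }
            if (reason != "") print $1 ":" reason
        }
    '
}

# Constructed sample entries (hashes are placeholders, not real).
sample_shadow() {
    cat <<'EOF'
alice:$6$placeholder$hash:19400:0:99999:7:::
bob:$6$placeholder$hash:19000:0:99999:7::19100:
carol:!$6$placeholder$hash:19000:0:99999:7::19100:
dave:$6$placeholder$hash:19000:0:90:7:::
svc:*:19000:0:99999:7:::
EOF
}

# Demo on the sample with a fixed "today" of day 19500.
sample_shadow | expired_unlocked 19500
# On a real host, as root: expired_unlocked < /etc/shadow
```

In the sample, carol is expired but already locked and svc has no usable password, so neither is reported.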
Incorrect Authorization
Missing Authorization
Improper Authorization
Related Identifiers
Affected Products
Gogs