PT-2022-13774 · Gogs · Gogs

Published: 2022-06-01 · Updated: 2024-08-21 · CVE-2022-1285

CVSS v3.1: 8.3 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions: gogs/gogs versions prior to 0.12.8

Description: The issue is a Server-Side Request Forgery (SSRF) in the GitHub repository gogs/gogs. It allows a malicious user to discover services on the internal network through the webhook functionality. All installations accepting public traffic are affected.

Recommendations: For versions prior to 0.12.8, upgrade to 0.12.8 or the latest 0.13.0+dev to resolve the issue. As a temporary workaround, consider running Gogs in its own private network to minimize the risk of exploitation.

Exploit

Fix

SSRF

Weakness Enumeration

Related Identifiers

CVE-2022-1285
GHSA-W689-557M-2CVQ
GO-2022-0583

Affected Products

Gogs