PT-2022-14244 · Gogs · Gogs
Published
2022-06-08
·
Updated
2024-08-21
·
CVE-2022-1992
CVSS v3.1
10
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
gogs/gogs versions prior to 0.12.9
Description
The issue allows a malicious user to delete and upload arbitrary files. This affects all installations on Windows where repository upload is enabled, which is the default setting. The estimated number of potentially affected devices is not provided.
Recommendations
For versions prior to 0.12.9, upgrade to 0.12.9 or the latest 0.13.0+dev to resolve the issue. As a temporary workaround, consider disabling the repository upload feature to minimize the risk of exploitation.
Exploit
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Gogs