PT-2022-14245 · Gogs · Gogs

Published: 2022-06-08 · Updated: 2024-08-21 · CVE-2022-1993

CVSS v3.1: 8.1 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions

gogs/gogs versions prior to 0.12.9

Description

The issue allows a malicious user to craft HTTP requests to access unauthorized Git directories. All installations are affected.

Recommendations

For versions prior to 0.12.9, upgrade to 0.12.9 or the latest 0.13.0+dev to resolve the issue. As a temporary workaround, consider restricting access to Git HTTP endpoints until a patch is applied.

Exploit

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2022-1993
GHSA-6VCC-V9VW-G2X5
GO-2022-0562

Affected Products

Gogs