CVE-2020-15867

Public exploit
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges. NOTE: because this is mentioned in the documentation but not in the UI, it could be considered a "Product UI does not Warn User of Unsafe Actions" issue.
Max CVSS: 7.2
EPSS Score: 96.65%
Published: 2020-10-16
Updated: 2022-04-26

In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check.
Max CVSS: 6.5
EPSS Score: 0.05%
Published: 2020-06-21
Updated: 2020-06-26

Gogs through 0.11.91 allows attackers to violate the admin-specified repo-creation policy due to an internal/db/repo.go race condition.
Max CVSS: 5.9
EPSS Score: 0.10%
Published: 2020-02-21
Updated: 2020-02-25

3 vulnerabilities found