logo

Database

Sensitive information sent insecurely In gogs.io/gogs

Description

Insecure Permissions in Gogs routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2019-145442. NVD-2019-145443. OSV-2019-145444. GCVE-2019-14544

References

1. https://github.com/gogs/gogs/issues/57642. https://github.com/gogs/gogs/commit/c3af3ff1d0484de3bd789ee6c6e47f35d590e945

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.

FLAT-BLF1R – Vulnerability | Fluid Attacks Database