Gogs Permission Checking Vulnerability
A vulnerability in Gogs could allow an unauthenticated, remote attacker to perform unauthorized actions on a targeted system.
The vulnerability exists because the routes/api/v1/api.go source code file of the affected software does not properly perform permission checks for routes. Permission checks are not enforced for deploy keys, collaborators, and hooks. An attacker could exploit this vulnerability to perform unauthorized actions on a targeted system. A successful exploit could be used to conduct further attacks.
Gogs has confirmed the vulnerability and released software updates.
Security Impact Rating: Critical
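
The class of flaw described above, route handlers registered without the permission check in front of them, sketched as an added Go example together with a regression check that catches it. This is not Gogs code: the route paths, the X-Demo-Role header and every function name are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// Constructed sample routes standing in for deploy-key, collaborator and hook endpoints.
var sensitive = []string{"/repos/o/r/keys", "/repos/o/r/collaborators", "/repos/o/r/hooks"}

// requireRepoAdmin rejects the request before the handler runs unless the caller is a repo admin.
// Assumption: the role is read from a demo header; a real server derives it from the session.
func requireRepoAdmin(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("X-Demo-Role") != "admin" {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// newMux registers the sensitive routes, with or without the permission middleware.
func newMux(enforce bool) *http.ServeMux {
	mux := http.NewServeMux()
	var h http.Handler = http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		w.WriteHeader(http.StatusOK)
	})
	if enforce {
		h = requireRepoAdmin(h)
	}
	for _, p := range sensitive {
		mux.Handle(p, h)
	}
	return mux
}

// status returns the response code for a GET on path made with the given demo role ("" = none).
func status(h http.Handler, path, role string) int {
	req := httptest.NewRequest(http.MethodGet, path, nil)
	req.Header.Set("X-Demo-Role", role)
	rec := httptest.NewRecorder()
	h.ServeHTTP(rec, req)
	return rec.Code
}

// unguarded lists the sensitive routes that answer a caller without a role with anything but 403.
func unguarded(h http.Handler) (open []string) {
	for _, p := range sensitive {
		if status(h, p, "") != http.StatusForbidden {
			open = append(open, p)
		}
	}
	return open
}

func main() {
	fmt.Println("missing check:", unguarded(newMux(false)), "enforced:", unguarded(newMux(true)))
}
```

Run as a test in CI, a check like unguarded fails the build whenever a sensitive route is registered without its permission middleware.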