Gogs Permission Checking Vulnerability

By GIXnews


A vulnerability in Gogs could allow an unauthenticated, remote attacker to perform unauthorized actions on a targeted system.

The vulnerability exists because the routes/api/v1/api.go source code file of the affected software does not properly perform permission checks for routes. Permission checks are not enforced for deploy keys, collaborators, and hooks. An attacker could exploit this vulnerability to perform unauthorized actions on a targeted system. A successful exploit could be used to conduct further attacks.
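
The pattern described above, as an added example that is not Gogs source code: a simplified Go net/http model in which the deploy key, collaborator and hook routes are registered once without a permission check and once behind one. The names requireRepoAdmin, accessOf, NewAPI and Status, the X-Test-Access header and the owner/repo path are hypothetical, and requiring repository-admin access is an assumption about the appropriate level.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
)

// accessOf stands in for a real session or token lookup (hypothetical, test
// only): the caller's access level on the repository comes from a header.
func accessOf(r *http.Request) string { return r.Header.Get("X-Test-Access") }

// requireRepoAdmin rejects callers without admin access before the handler runs.
func requireRepoAdmin(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if accessOf(r) != "admin" {
			http.Error(w, "forbidden", http.StatusForbidden)
			return
		}
		next.ServeHTTP(w, r)
	})
}

// NewAPI registers the three route families named in the advisory. With
// enforce=false no check runs (the flawed pattern); with enforce=true each
// route is wrapped in requireRepoAdmin.
func NewAPI(enforce bool) http.Handler {
	mux := http.NewServeMux()
	ok := http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(http.StatusOK) })
	for _, p := range []string{"/keys", "/collaborators", "/hooks"} {
		var h http.Handler = ok
		if enforce {
			h = requireRepoAdmin(ok)
		}
		mux.Handle("/api/v1/repos/owner/repo"+p, h)
	}
	return mux
}

// Status sends one request with the given access level and returns the HTTP code.
func Status(api http.Handler, path, access string) int {
	req := httptest.NewRequest(http.MethodGet, "/api/v1/repos/owner/repo"+path, nil)
	req.Header.Set("X-Test-Access", access)
	rec := httptest.NewRecorder()
	api.ServeHTTP(rec, req)
	return rec.Code
}

func main() { fmt.Println(Status(NewAPI(false), "/hooks", ""), Status(NewAPI(true), "/hooks", "")) }
```

The same Status helper works as a regression test: every sensitive route should return 403 for a caller without the required access.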

Gogs has confirmed the vulnerability and released software updates.

Security Impact Rating: Critical

CVE: CVE-2019-14544

Source: Cisco Multivendor Vulnerability Alerts