CVSS2: 5.5 Medium (AV:N/AC:L/Au:S/C:P/I:P/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | SINGLE |
Confidentiality Impact | PARTIAL |
Integrity Impact | PARTIAL |
Availability Impact | NONE |

CVSS3: 8.1 High (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | NONE |

EPSS: 0.028 Low (Percentile: 90.7%)

A malicious user can craft HTTP requests to access unauthorized Git directories. All installations with are affected.
Path cleaning now accommodates Git HTTP endpoints. Users should upgrade to 0.12.9 or the latest 0.13.0+dev.
N/A
https://huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d/
If you have any questions or comments about this advisory, please post on #7002.
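
The kind of path cleaning the patch note refers to can be illustrated with a containment check on the repository directory derived from a Git HTTP route. This is an added example, not the Gogs fix or code from the Gogs project; `RepoDir`, `safeSegment`, `ErrUnsafePath`, the `/:owner/:repo` route shape and the `/data/repos` root are assumptions, and the inputs in `main` are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrUnsafePath is returned when a request would resolve outside the repository root.
var ErrUnsafePath = errors.New("unsafe repository path")

// safeSegment reports whether s can be used as exactly one path component.
func safeSegment(s string) bool {
	if s == "" || s == "." || s == ".." {
		return false
	}
	// Reject both separator styles and NUL so the value cannot span directories.
	return !strings.ContainsAny(s, "/\\\x00")
}

// RepoDir maps the already URL-decoded owner and repository parameters of a
// Git HTTP route (assumed shape: /:owner/:repo/info/refs) to a directory under root.
func RepoDir(root, owner, repo string) (string, error) {
	// Validate after trimming the suffix: "...git" trims to "..".
	repo = strings.TrimSuffix(repo, ".git")
	if !safeSegment(owner) || !safeSegment(repo) {
		return "", ErrUnsafePath
	}
	dir := filepath.Join(root, owner, repo+".git")
	// Defence in depth: the joined path must still be inside root.
	rel, err := filepath.Rel(root, dir)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrUnsafePath
	}
	return dir, nil
}

func main() {
	// Constructed sample parameters, as a router would hand them over after decoding.
	samples := [][2]string{{"alice", "site.git"}, {"alice", "../bob/private.git"}, {"alice", "...git"}}
	for _, s := range samples {
		dir, err := RepoDir("/data/repos", s[0], s[1])
		fmt.Printf("owner=%q repo=%q -> dir=%q err=%v\n", s[0], s[1], dir, err)
	}
}
```

The check runs after the `.git` suffix is trimmed because a repository parameter of `...git` becomes `..` only at that point.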
CPE | Name | Operator | Version |
---|---|---|---|
 | gogs.io/gogs | lt | 0.12.9 |
github.com/advisories/GHSA-6vcc-v9vw-g2x5
github.com/gogs/gogs/commit/9bf748b6c4c9a17d3aa77f6b9abcfae65451febf
github.com/gogs/gogs/issues/7002
github.com/gogs/gogs/security/advisories/GHSA-6vcc-v9vw-g2x5
huntr.dev/bounties/22f9c074-cf60-4c67-b5c4-72fdf312609d
nvd.nist.gov/vuln/detail/CVE-2022-1993