Lucene search
Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-AC62C74FFD9E302042CDDA708BAC1FACHistoryJun 08, 2022 - 12:00 a.m.
Path Traversal in file editor on Windows in Gogs
2022-06-0800:00:00
https://gitlab.com/gitlab-org/security-products/gemnasium-db
gitlab.com
2
0.001 Low
EPSS
Percentile
39.6%
Impact
The malicious user is able to delete and upload arbitrary file(s). All installations on Windows with repository upload enabled (default) are affected.
Patches
Path cleaning has accommodated for Windows. Users should upgrade to 0.12.9 or the latest 0.13.0+dev.
Workarounds
N/A
References
https://huntr.dev/bounties/2e8cdc57-a9cf-46ae-9088-87f09e6c90ab/
For more information
If you have any questions or comments about this advisory, please post on #7001.
| CPE | Name | Operator | Version |
|---|---|---|---|
| go/gogs.io/gogs | lt | 0.12.9 |
References
github.com/advisories/GHSA-994f-7g86-qr56
github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129
github.com/gogs/gogs/commit/2ca014250fbf0bba94c914d9e43b1f6d8eca3bb0
github.com/gogs/gogs/security/advisories/GHSA-994f-7g86-qr56
huntr.dev/bounties/2e8cdc57-a9cf-46ae-9088-87f09e6c90ab/
Related
osv
osv
CVE-2022-1992
2022-06-09 17:15:08
Path Traversal in file editor on Windows in Gogs
2022-06-08 20:15:11
github
github
Path Traversal in file editor on Windows in Gogs
2022-06-08 20:15:11
huntr
huntr
Path traversal leads to arbitrary file deletions and file writes
2022-06-02 14:36:18
veracode
veracode
Path Traversal
2022-06-09 07:55:58
nvd
nvd
CVE-2022-1992
2022-06-09 17:15:08
prion
prion
Path traversal
2022-06-09 17:15:00
cve
cve
CVE-2022-1992
2022-06-09 17:15:08
cvelist
cvelist
CVE-2022-1992 Path Traversal in gogs/gogs
2022-06-08 13:30:14
openvas
openvas
Gogs < 0.12.9 Multiple Vulnerabilities
2022-06-10 00:00:00