github.com/gogs/gogs is vulnerable to missing permission checks. The function RegisterRoutes
in routes/api/v1/api.g
does not invoke the reqAdmin
method to perform permission checks for deploy keys, collaborators, and hooks.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/gogs/gogs | eq | HEAD | |
github.com/gogs/gogs | le | 0.11.86 |