github.com/gogs/gogs is vulnerable to authorization bypass. When gogs is built and configured for PAM authentification, the library does not properly validate the authorization of the accounts, allowing an attacker to access expired accounts.
github.com/advisories/GHSA-65f3-3278-7m65
github.com/advisories/GHSA-gw5h-h6hj-f56g
github.com/gogs/gogs/commit/64102be2c90e1b47dbdd379873ba76c80d4b0e78
github.com/gogs/gogs/issues/6810
github.com/gogs/gogs/pull/6819
huntr.dev/bounties/ea82cfc9-b55c-41fe-ae58-0d0e0bd7ab62
huntr.dev/bounties/ea82cfc9-b55c-41fe-ae58-0d0e0bd7ab62/