Authorization Bypass

2022-03-1404:58:57

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.002 Low

EPSS

Percentile

51.4%

JSON

github.com/gogs/gogs is vulnerable to authorization bypass. When gogs is built and configured for PAM authentification, the library does not properly validate the authorization of the accounts, allowing an attacker to access expired accounts.

CPENameOperatorVersion
github.com/gogs/gogslev0.6.15
github.com/gogs/gogslev0.7.33
github.com/gogs/gogslev0.12.4
github.com/gogs/gogslev0.11.91
github.com/gogs/gogslev0.9.141
github.com/gogs/gogslev0.10.18
github.com/gogs/gogslev0.8.43
github.com/gogs/gogslev0.6.15
github.com/gogs/gogslev0.7.33
github.com/gogs/gogslev0.12.4

Name	Operator	Version
github.com/gogs/gogs	le	v0.6.15
github.com/gogs/gogs	le	v0.7.33
github.com/gogs/gogs	le	v0.12.4
github.com/gogs/gogs	le	v0.11.91
github.com/gogs/gogs	le	v0.9.141
github.com/gogs/gogs	le	v0.10.18
github.com/gogs/gogs	le	v0.8.43
github.com/gogs/gogs	le	v0.6.15
github.com/gogs/gogs	le	v0.7.33
github.com/gogs/gogs	le	v0.12.4