x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-fg3x-rwq9-74cw #1971

GoVulnBot · 2023-07-25T20:01:34Z

In GitHub Security Advisory GHSA-fg3x-rwq9-74cw, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
gogs.io/gogs		<= 0.11.53

Cross references:

Module gogs.io/gogs appears in issue x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-gw5h-h6hj-f56g #369 NOT_IMPORTABLE
Module gogs.io/gogs appears in issue x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-q347-cg56-pcq4 #377 NOT_IMPORTABLE
Module gogs.io/gogs appears in issue x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-pj96-4jhv-v792 #473 NOT_IMPORTABLE
Module gogs.io/gogs appears in issue x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-5gjh-5j4f-cpwv #554 NOT_IMPORTABLE
Module gogs.io/gogs appears in issue x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-67mx-jc2f-jgjm #556 NOT_IMPORTABLE
Module gogs.io/gogs appears in issue x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-6vcc-v9vw-g2x5 #562 NOT_IMPORTABLE
Module gogs.io/gogs appears in issue x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-7v5r-r995-q2x2 #566 NOT_IMPORTABLE
Module gogs.io/gogs appears in issue x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-994f-7g86-qr56 #570 NOT_IMPORTABLE
Module gogs.io/gogs appears in issue x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-w689-557m-2cvq #583 NOT_IMPORTABLE
Module gogs.io/gogs appears in issue x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-ff28-f46g-r9g8 #597 NOT_IMPORTABLE
Module gogs.io/gogs appears in issue x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-9hx4-qm7h-x84j #642 EFFECTIVELY_PRIVATE
Module gogs.io/gogs appears in issue x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-958j-443g-7mm7 #749 NOT_IMPORTABLE
Module gogs.io/gogs appears in issue x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-4c7m-vv47-7c69 #788 NOT_IMPORTABLE
Module gogs.io/gogs appears in issue x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-5r2v-6gm6-vpvh #797 NOT_IMPORTABLE
Module gogs.io/gogs appears in issue x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-cpgw-2wxr-pww3 #822 NOT_IMPORTABLE
Module gogs.io/gogs appears in issue x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-g6xv-8q23-w2q3 #831 NOT_IMPORTABLE
Module gogs.io/gogs appears in issue x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-mcjj-2fvq-mc3r #1060 NOT_IMPORTABLE
Module gogs.io/gogs appears in issue x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-pfvh-p8qp-9ww9 #1596 NOT_IMPORTABLE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: gogs.io/gogs
      versions:
        - {}
      vulnerable_at: 0.13.0
      packages:
        - package: gogs.io/gogs
    - module: gogs.io/gogs
      versions:
        - {}
      vulnerable_at: 0.13.0
      packages:
        - package: code.gitea.io/gitea
summary: Gogs and Gitea SSRF Vulnerability
description: |-
    An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through
    0.11.53 allows remote attackers to access intranet services.
cves:
    - CVE-2018-15192
ghsas:
    - GHSA-fg3x-rwq9-74cw
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2018-15192
    - report: https://github.com/go-gitea/gitea/issues/4624
    - report: https://github.com/gogs/gogs/issues/5366
    - advisory: https://github.com/advisories/GHSA-fg3x-rwq9-74cw

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-07-31T20:51:10Z

Change https://go.dev/cl/514636 mentions this issue: data/excluded: batch add 31 excluded reports

gopherbot · 2024-06-14T17:49:57Z

Change https://go.dev/cl/592762 mentions this issue: data/reports: unexclude 75 reports

gopherbot · 2024-08-20T16:52:35Z

Change https://go.dev/cl/606789 mentions this issue: data/reports: unexclude 20 reports (9)

- data/reports/GO-2023-1955.yaml - data/reports/GO-2023-1956.yaml - data/reports/GO-2023-1957.yaml - data/reports/GO-2023-1959.yaml - data/reports/GO-2023-1961.yaml - data/reports/GO-2023-1962.yaml - data/reports/GO-2023-1965.yaml - data/reports/GO-2023-1971.yaml - data/reports/GO-2023-1972.yaml - data/reports/GO-2023-1973.yaml - data/reports/GO-2023-1977.yaml - data/reports/GO-2023-1979.yaml - data/reports/GO-2023-1980.yaml - data/reports/GO-2023-1982.yaml - data/reports/GO-2023-1985.yaml - data/reports/GO-2023-1986.yaml - data/reports/GO-2023-1991.yaml - data/reports/GO-2023-1993.yaml - data/reports/GO-2023-1995.yaml - data/reports/GO-2023-1996.yaml Updates #1955 Updates #1956 Updates #1957 Updates #1959 Updates #1961 Updates #1962 Updates #1965 Updates #1971 Updates #1972 Updates #1973 Updates #1977 Updates #1979 Updates #1980 Updates #1982 Updates #1985 Updates #1986 Updates #1991 Updates #1993 Updates #1995 Updates #1996 Change-Id: I681627cba89cee6d3bc2def3924c65a3b5da4453 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606789 Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

neild self-assigned this Jul 31, 2023

neild added the excluded: NOT_IMPORTABLE This vulnerability only exists in a binary and is not importable. label Jul 31, 2023

gopherbot closed this as completed in 2439098 Jul 31, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-fg3x-rwq9-74cw #1971

x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-fg3x-rwq9-74cw #1971

GoVulnBot commented Jul 25, 2023

gopherbot commented Jul 31, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-fg3x-rwq9-74cw #1971

x/vulndb: potential Go vuln in gogs.io/gogs: GHSA-fg3x-rwq9-74cw #1971

Comments

GoVulnBot commented Jul 25, 2023

gopherbot commented Jul 31, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024