
CVE-2018-20303

Published: 20/12/2018 Updated: 31/01/2019
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 446
Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

Vulnerability Summary

In pkg/tool/path.go in Gogs prior to 0.11.82.1218, a directory traversal in the file-upload functionality can allow a malicious user to create a file under data/sessions on the server, a similar issue to CVE-2018-18925.

Vulnerable Product

gogs gogs

Github Repositories

Gogs CVEs

GogsOwnz: GogsOwnz is a simple script to gain administrator rights and RCE on a Gogs/Gitea server. Exploit vulnerabilities in Gogs/Gitea, including CVE-2018-18925, CVE-2018-20303. Legal Disclaimer: This script is offered as is. No warranty, use on your own, please obey the law. Typical Usage - [Please, read the full usage]: Get info about Gogs/Gitea running: python3 gogsownzpy htt

ahab is a tool to check for vulnerabilities in your apt, apk, or yum powered operating systems, powered by Sonatype OSS Index.

Note: ahab will soon be sailing into the sunset. See: OSS Index Updates for details. Ahab: ahab is a tool to check for vulnerabilities in your apt, apk, yum or dnf powered operating systems, powered by Sonatype OSS Index. ahab currently works for images that use apt, apk, yum or dnf for package management and will do its best to auto detect which package manager is being used by