Gogs: Incorrect API access control

Created on 1 Aug 2019  路  3Comments  路  Source: gogs/gogs
  • Gogs version (or commit ref): newest(e640683)
  • Can you reproduce the bug at https://try.gogs.io:

    • Yes

I discovered a misconfigured access control in the newest Gogs, I think it's some kind of bug.

I have already sent more about the details in the email to [email protected].

Best,
Manasseh Zhou

@unknwon

critical assigned to maintainer 馃拪 bug 馃毃 security
Source
picture ManassehZhou
👍1

Most helpful comment

CVE-2019-14544

picture ManassehZhou on 3 Aug 2019
👍2

All 3 comments

Thank you again for the security report!

Patch has been pushed to develop branch and https://try.gogs.io, would you mind take time do another round of test?

unknwon picture unknwon on 2 Aug 2019
👍1

LGTM

ManassehZhou picture ManassehZhou on 2 Aug 2019
1

CVE-2019-14544

ManassehZhou picture ManassehZhou on 3 Aug 2019
👍2
Was this page helpful?
0 / 5 - 0 ratings

Related issues

redoz picture redoz  路  3Comments
Lord0 picture Lord0  路  3Comments
ziozzang picture ziozzang  路  3Comments
rugk picture rugk  路  3Comments
sbarre-esit picture sbarre-esit  路  3Comments