Server-Side Request Forgery (SSRF) in gogs/gogs
CVE-2022-1285

8.3HIGH

Key Information:

Vendor: Gogs
Status: Gogs/gogs
Vendor: CVE Published:; 1 June 2022

What is CVE-2022-1285?

Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.8.

Affected Version(s)

gogs/gogs < 0.12.8

References

https://huntr.dev/bounties/da1fbd6e-7a02-458e-9c2e-6d226c...

x_refsource_CONFIRM

https://github.com/gogs/gogs/commit/7885f454a4946c4bbec1b...

x_refsource_MISC

CVSS V3.1

Score:

8.3

Severity:

HIGH

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Timeline

Vulnerability published
Jun 1, 2022
Vulnerability Reserved
Apr 9, 2022

.