Gogs Allows Deletion of Internal Files
CVE-2024-39931

9.9CRITICAL

Key Information:

Vendor

Gogs

Status
Gogs
Vendor
CVE Published:
4 July 2024

What is CVE-2024-39931?

A vulnerability exists in Gogs software, prior to version 0.13.0, which permits the deletion of internal files. This flaw could potentially allow an unauthorized user to manipulate data, compromising the integrity and availability of the system. It is essential for users of affected versions to apply the necessary updates to safeguard their environments.

References

https://github.com/gogs/gogs/releases
https://www.sonarsource.com/blog/securing-developer-tools...

CVSS V3.1

Score:
9.9
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.
CVE-2024-39931 : Gogs Allows Deletion of Internal Files