Gogs Allows Deletion of Internal Files
CVE-2024-39931

9.9CRITICAL

Key Information:

Vendor: Gogs
Status: Gogs
Vendor: CVE Published:; 4 July 2024

What is CVE-2024-39931?

A vulnerability exists in Gogs software, prior to version 0.13.0, which permits the deletion of internal files. This flaw could potentially allow an unauthorized user to manipulate data, compromising the integrity and availability of the system. It is essential for users of affected versions to apply the necessary updates to safeguard their environments.

References

https://github.com/gogs/gogs/releases

https://www.sonarsource.com/blog/securing-developer-tools...

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 4, 2024
Vulnerability Reserved
Jul 4, 2024