CVE-2019-14544

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-14544

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-14544.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-14544

Aliases

Withdrawn

2024-05-15T05:33:12.556207Z

Published

2019-08-02T22:15:14Z

Modified

2024-08-21T15:58:49.251422Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks.

References

https://github.com/gogs/gogs/issues/5764

Affected packages

Git / github.com/gogs/gogs

Affected ranges

Type: GIT
Repo: https://github.com/gogs/gogs
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

06b6eaba060f8b874a4c2a8c84515b2ea45321d6

Affected versions

v0.*

v0.10

v0.10.1

v0.10.18

v0.10.8

v0.10rc

v0.11

v0.11.19

v0.11.29

v0.11.33

v0.11.34

v0.11.4

v0.11.43

v0.11.53

v0.11.66

v0.11.79

v0.11.86

v0.11rc

v0.2.0

v0.3.0

v0.3.1

v0.4.0

v0.4.1

v0.4.2

v0.5.0

v0.5.11

v0.5.13

v0.5.2

v0.5.5

v0.5.8

v0.5.9

v0.6.0

v0.6.1

v0.6.15

v0.6.3

v0.6.5

v0.6.9

v0.7.0

v0.7.19

v0.7.22

v0.7.33

v0.7.6

v0.8.0

v0.8.10

v0.8.25

v0.8.43

v0.9.0

v0.9.113

v0.9.128

v0.9.13

v0.9.141

v0.9.46

v0.9.48

v0.9.60

v0.9.71

v0.9.97