CVE-2018-20303

HIGH

Gogs <0.11.82.1218 - Path Traversal

Title source: llm

Description

In pkg/tool/path.go in Gogs before 0.11.82.1218, a directory traversal in the file-upload functionality can allow an attacker to create a file under data/sessions on the server, a similar issue to CVE-2018-18925.

References (3)

Core 3

Core References

Patch, Third Party Advisory x_refsource_misc

https://github.com/gogs/gogs/commit/ff93d9dbda5cebe90d86e4b7dfb2c6b8642970ce

View Patch ZIP pw:eip

Exploit, Third Party Advisory x_refsource_misc

https://pentesterlab.com/exercises/cve-2018-18925/

Issue Tracking, Patch, Third Party Advisory x_refsource_misc

https://github.com/gogs/gogs/issues/5558

Scores

CVSS v3 7.5

EPSS 0.0320

EPSS Percentile 86.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-22

Status published

Products (2)

gogs/gogs < 0.11.82.1218

gogs.io/gogs 0 - 0.11.80-0.20181218063808-ff93d9dbda5cGo

Published Dec 20, 2018

Tracked Since Feb 18, 2026