CVE-2019-14544

CRITICAL

Gogs 0.11.86 - Privilege Escalation

Title source: llm
STIX 2.1

Description

routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks.

References (1)

Core 1
Core References
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/gogs/gogs/issues/5764

Scores

CVSS v3 9.8
EPSS 0.0153
EPSS Percentile 71.7%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-862
Status published
Products (2)
gogs/gogs 0.11.86
gogs.io/gogs 0 - 0.11.91Go
Published Aug 02, 2019
Tracked Since Feb 18, 2026