CVE-2019-14544: Missing Authorization

May 18, 2021

routes/api/v1/api.go in Gogs 0.11.86 lacks permission checks for routes: deploy keys, collaborators, and hooks.

References

github.com/advisories/GHSA-5r2v-6gm6-vpvh
github.com/gogs/gogs/commit/c3af3ff1d0484de3bd789ee6c6e47f35d590e945
github.com/gogs/gogs/issues/5764
nvd.nist.gov/vuln/detail/CVE-2019-14544

Detect and mitigate CVE-2019-14544 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →