From c757ea18cd279aa2635f80ca5ce39992d5982f98 Mon Sep 17 00:00:00 2001 From: MostInterestingBotInTheWorld <98333686+MostInterestingBotInTheWorld@users.noreply.github.com> Date: Thu, 6 Apr 2023 16:58:52 -0400 Subject: [PATCH] Enhancement: cves/2022/CVE-2022-0870.yaml by md --- cves/2022/CVE-2022-0870.yaml | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/cves/2022/CVE-2022-0870.yaml b/cves/2022/CVE-2022-0870.yaml index 8c32d7d0d1..a08f626afb 100644 --- a/cves/2022/CVE-2022-0870.yaml +++ b/cves/2022/CVE-2022-0870.yaml @@ -1,16 +1,16 @@ id: CVE-2022-0870 info: - name: Gogs < 0.12.5 - Server Side Request Forgery + name: Gogs <0.12.5 - Server-Side Request Forgery author: theamanrawat,Akincibor severity: medium description: | - Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5. + Gogs GitHub repository before 0.12.5 is susceptible to server-side request forgery. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. reference: - https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb - - https://nvd.nist.gov/vuln/detail/CVE-2022-0870 - https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531 - remediation: Fixed in version 0.12.5 + - https://nvd.nist.gov/vuln/detail/CVE-2022-0870 + remediation: Fixed in version 0.12.5. classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 @@ -72,3 +72,5 @@ requests: regex: - 'name="_csrf" content="(.*)"' internal: true + +# Enhanced by md on 2023/04/06