daffainfo
/
nuclei-templates
mirror of https://github.com/daffainfo/nuclei-templates.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Enhancement: cves/2022/CVE-2022-0870.yaml by md

patch-1
MostInterestingBotInTheWorld 2023-04-06 16:58:52 -04:00
parent 8bccf0d8ec
commit c757ea18cd
1 changed files with 6 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
cves/2022/CVE-2022-0870.yaml
View File

@ -1,16 +1,16 @@
id: CVE-2022-0870 id: CVE-2022-0870
info: info:
name: Gogs < 0.12.5 - Server Side Request Forgery name: Gogs <0.12.5 - Server-Side Request Forgery
author: theamanrawat,Akincibor author: theamanrawat,Akincibor
severity: medium severity: medium
description: | description: |
Server-Side Request Forgery (SSRF) in GitHub repository gogs/gogs prior to 0.12.5. Gogs GitHub repository before 0.12.5 is susceptible to server-side request forgery. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site.
reference: reference:
- https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb - https://github.com/gogs/gogs/commit/91f2cde5e95f146bfe4765e837e7282df6c7cabb
- https://nvd.nist.gov/vuln/detail/CVE-2022-0870
- https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531 - https://huntr.dev/bounties/327797d7-ae41-498f-9bff-cc0bf98cf531
remediation: Fixed in version 0.12.5 - https://nvd.nist.gov/vuln/detail/CVE-2022-0870
remediation: Fixed in version 0.12.5.
classification: classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3 cvss-score: 5.3
@ -72,3 +72,5 @@ requests:
regex: regex:
- 'name="_csrf" content="(.*)"' - 'name="_csrf" content="(.*)"'
internal: true internal: true
# Enhanced by md on 2023/04/06