An SSRF vulnerability in webhooks in Gitea through 1.5.0-rc2 and Gogs through 0.11.53 allows remote attackers to access intranet services.
References
Link | Resource |
---|---|
https://github.com/gogs/gogs/issues/5366 | Third Party Advisory |
https://github.com/go-gitea/gitea/issues/4624 | Issue Tracking Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2018-08-07 19:29
Updated : 2018-10-18 10:02
NVD link : CVE-2018-15192
Mitre link : CVE-2018-15192
JSON object : View
CWE
CWE-918
Server-Side Request Forgery (SSRF)
Products Affected
gitea
- gitea
gogs
- gogs