CNNVD-202602-986 Information

CNNVD ID

CNNVD-202602-986

Related CVE

CVE-2026-23632

• CNNVD Published: 2026-02-06

Description (Chinese)

Gogs（Go Git Service）是Gogs团队的一个基于Go语言的自助Git托管服务，它支持创建、迁移公开/私有仓库，添加、删除仓库协作者等。 Gogs 0.13.3及之前版本存在安全漏洞，该漏洞源于端点PUT /repos/:owner/:repo/contents/*权限检查不当，可能导致使用只读令牌修改仓库内容。

Description (English)

Gogs (Go Git Service), a Gogs team-based self-help Git hosting service based on Go language, supports the creation, relocation, addition, removal of warehouse collaborators, etc. Gogs 0.13.3 and previous versions have a security loophole, which stems from the endpoint PUT/repos/:owner/:repo/contents/* inadequate access checks, which may lead to changes in the contents of the repository using only read-only tokens.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Gogs

Published

2026-02-06

Last Modified

2026-02-24

References

https://github.com/gogs/gogs/security/advisories/GHSA-5qhx-gwfj-6jqr

Patch

https://github.com/gogs/gogs/releases