CNNVD-202602-990 Information
Feb 06, 2026
CNNVD ID
CNNVD-202602-990
Related CVE
-
CNNVD Published
2026-02-06
Description
Gogs (Go Git Service) is a self-hosted Git service written in Go by the Gogs team. It supports creating and migrating public and private repositories, adding and removing repository collaborators, and more. Gogs 0.13.3 and earlier versions contain a security vulnerability: two-factor authentication recovery code validation does not scope codes by user, which may allow a cross-account bypass and thereby complete account takeover.
Hazard Level
High
Vulnerability Type
Other
Affected Vendor
Gogs
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/gogs/gogs/security/advisories/GHSA-p6x6-9mx6-26wj
Patch
https://github.com/gogs/gogs/releases