Gogs: PoCs available for exploiting new vulnerabilities (AL02/260625/CSIRT-ITA)
Date:
25 June 2026
Systemic Impact
High (69.23)
Summary
Proof of Concept (PoC) exploits are available for 20 new vulnerabilities, three rated “critical” and 11 rated “high” severity, in Gogs, a popular self-hosted Git service.
Type
- Remote Code Execution
- Authentication Bypass
- Arbitrary File Write
- Information Disclosure
- Privilege Escalation
- Security Restriction Bypass
- Denial of Service
Affected products and/or versions
Gogs, versions prior to 0.14.3
Mitigation actions
Where this has not already been done, it is recommended to promptly update the vulnerable products following the guidance in the security bulletins listed in the References section.
References
- https://github.com/gogs/gogs/security/advisories/GHSA-w6j9-vw59-27wv
- https://github.com/gogs/gogs/security/advisories/GHSA-c4v7-xg93-qf8g
- https://github.com/gogs/gogs/security/advisories/GHSA-v8w7-f6gc-cqc2
- https://github.com/gogs/gogs/security/advisories/GHSA-pm6v-2h4w-4rp2
- https://github.com/gogs/gogs/security/advisories/GHSA-jq8v-rmf6-65jw
- https://github.com/gogs/gogs/security/advisories/GHSA-p9f5-h3rx-j5qw
- https://github.com/gogs/gogs/security/advisories/GHSA-pwx3-qcgw-vh7h
- https://github.com/gogs/gogs/security/advisories/GHSA-wv27-2vqp-j7g5
- https://github.com/gogs/gogs/security/advisories/GHSA-xxhq-69mf-w8cr
- https://github.com/gogs/gogs/security/advisories/GHSA-g2f5-gjr4-qjvm
- https://github.com/gogs/gogs/security/advisories/GHSA-qf6p-p7ww-cwr9
- https://github.com/gogs/gogs/security/advisories/GHSA-268j-37xf-pp52
- https://github.com/gogs/gogs/security/advisories/GHSA-5c3f-6486-3g7g
- https://github.com/gogs/gogs/security/advisories/GHSA-wmfg-5p4h-5fw3
- https://github.com/gogs/gogs/security/advisories/GHSA-89mr-xqfv-758m
- https://github.com/gogs/gogs/security/advisories/GHSA-6p9m-q3jp-47h4
- https://github.com/gogs/gogs/security/advisories/GHSA-c39w-43gm-34h5
- https://github.com/gogs/gogs/security/advisories/GHSA-xp79-5mx3-jx52
- https://github.com/gogs/gogs/security/advisories/GHSA-744x-3838-5r56
- https://github.com/gogs/gogs/security/advisories/GHSA-6vxv-wg6j-5qwp
CVE
Change log
| Version | Notes | Date |
|---|---|---|
| 1.0 | Published on 25-06-2026 | 25/06/2026 |
This article is an original product of csirt.gov.it, republished here solely to increase its visibility. It can be viewed in its original version at the following link
Last updated
25 June 2026, 12:14
CSIRT Toscana