{ "document" : { "aggregate_severity" : { "text" : "kritisch" }, "category" : "csaf_base", "csaf_version" : "2.0", "distribution" : { "tlp" : { "label" : "WHITE", "url" : "https://www.first.org/tlp/" } }, "lang" : "de-DE", "notes" : [ { "category" : "legal_disclaimer", "text" : "Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen." }, { "category" : "description", "text" : "Gogs ist ein einfacher Git-Server.", "title" : "Produktbeschreibung" }, { "category" : "summary", "text" : "Ein Angreifer kann mehrere Schwachstellen in Gogs ausnutzen, um erweiterte Berechtigungen zu erlangen, beliebigen Code auszuführen – sogar mit erweiterten Berechtigungen, was zur vollständigen Kontrolle über das System führen kann –, Sicherheitsmaßnahmen zu umgehen, Daten zu manipulieren, Cross-Site-Scripting-Angriffe durchzuführen, Benutzer auf bösartige Websites umzuleiten oder einen Denial-of-Service-Zustand zu verursachen.", "title" : "Angriff" }, { "category" : "general", "text" : "- Sonstiges\n- UNIX", "title" : "Betroffene Betriebssysteme" } ], "publisher" : { "category" : "other", "contact_details" : "csaf-provider@cert-bund.de", "name" : "Bundesamt für Sicherheit in der Informationstechnik", "namespace" : "https://www.bsi.bund.de" }, "references" : [ { "category" : "self", "summary" : "WID-SEC-W-2026-2013 - CSAF Version", "url" : "https://wid.cert-bund.de/.well-known/csaf/white/2026/wid-sec-w-2026-2013.json" }, { "category" : "self", "summary" : "WID-SEC-2026-2013 - Portal Version", "url" : "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-2013" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-268j-37xf-pp52 vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-268j-37xf-pp52" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-3qq3-668m-v9mj vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-3qq3-668m-v9mj" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-3w28-36p9-w929 vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-3w28-36p9-w929" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-4565-r4x7-hg8j vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-4565-r4x7-hg8j" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-4j89-2c4f-44c6 vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-4j89-2c4f-44c6" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-5c3f-6486-3g7g vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-5c3f-6486-3g7g" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-6p9m-q3jp-47h4 vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-6p9m-q3jp-47h4" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-6vxv-wg6j-5qwp vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-6vxv-wg6j-5qwp" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-744x-3838-5r56 vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-744x-3838-5r56" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-89mr-xqfv-758m vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-89mr-xqfv-758m" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-c39w-43gm-34h5 vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-c39w-43gm-34h5" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-c4v7-xg93-qf8g vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-c4v7-xg93-qf8g" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-g2f5-gjr4-qjvm vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-g2f5-gjr4-qjvm" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-jq8v-rmf6-65jw vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-jq8v-rmf6-65jw" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-p9f5-h3rx-j5qw vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-p9f5-h3rx-j5qw" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-pwx3-qcgw-vh7h vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-pwx3-qcgw-vh7h" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-qf6p-p7ww-cwr9 vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-qf6p-p7ww-cwr9" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-v8w7-f6gc-cqc2 vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-v8w7-f6gc-cqc2" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-vcm5-gvmp-78mp vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-vcm5-gvmp-78mp" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-w6j9-vw59-27wv vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-w6j9-vw59-27wv" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-wmfg-5p4h-5fw3 vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-wmfg-5p4h-5fw3" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-wv27-2vqp-j7g5 vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-wv27-2vqp-j7g5" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-xp79-5mx3-jx52 vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-xp79-5mx3-jx52" }, { "category" : "external", "summary" : "GitHub Security Advisory GHSA-xxhq-69mf-w8cr vom 2026-06-18", "url" : "https://github.com/gogs/gogs/security/advisories/GHSA-xxhq-69mf-w8cr" } ], "source_lang" : "en-US", "title" : "Gogs: Mehrere Schwachstellen", "tracking" : { "current_release_date" : "2026-06-18T22:00:00.000+00:00", "generator" : { "date" : "2026-06-19T10:24:55.090+00:00", "engine" : { "name" : "BSI-WID", "version" : "1.6.0" } }, "id" : "WID-SEC-W-2026-2013", "initial_release_date" : "2026-06-18T22:00:00.000+00:00", "revision_history" : [ { "date" : "2026-06-18T22:00:00.000+00:00", "number" : "1", "summary" : "Initiale Fassung" } ], "status" : "final", "version" : "1" } }, "product_tree" : { "branches" : [ { "branches" : [ { "branches" : [ { "category" : "product_version_range", "name" : "<0.14.3", "product" : { "name" : "Open Source Gogs <0.14.3", "product_id" : "T055635" } }, { "category" : "product_version", "name" : "0.14.3", "product" : { "name" : "Open Source Gogs 0.14.3", "product_id" : "T055635-fixed", "product_identification_helper" : { "cpe" : "cpe:/a:gogs:gogs:0.14.3" } } } ], "category" : "product_name", "name" : "Gogs" } ], "category" : "vendor", "name" : "Open Source" } ] }, "vulnerabilities" : [ { "cve" : "CVE-2022-1285", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2022-1285" }, { "cve" : "CVE-2024-39930", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2024-39930" }, { "cve" : "CVE-2024-39932", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2024-39932" }, { "cve" : "CVE-2024-39933", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2024-39933" }, { "cve" : "CVE-2025-64719", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2025-64719" }, { "cve" : "CVE-2026-25119", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-25119" }, { "cve" : "CVE-2026-26194", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-26194" }, { "cve" : "CVE-2026-47267", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-47267" }, { "cve" : "CVE-2026-52795", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52795" }, { "cve" : "CVE-2026-52796", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52796" }, { "cve" : "CVE-2026-52798", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52798" }, { "cve" : "CVE-2026-52799", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52799" }, { "cve" : "CVE-2026-52800", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52800" }, { "cve" : "CVE-2026-52801", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52801" }, { "cve" : "CVE-2026-52802", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52802" }, { "cve" : "CVE-2026-52804", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52804" }, { "cve" : "CVE-2026-52805", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52805" }, { "cve" : "CVE-2026-52806", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52806" }, { "cve" : "CVE-2026-52807", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52807" }, { "cve" : "CVE-2026-52808", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52808" }, { "cve" : "CVE-2026-52809", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52809" }, { "cve" : "CVE-2026-52810", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52810" }, { "cve" : "CVE-2026-52811", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52811" }, { "cve" : "CVE-2026-52812", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52812" }, { "cve" : "CVE-2026-52813", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52813" }, { "cve" : "CVE-2026-52814", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52814" }, { "cve" : "CVE-2026-52815", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52815" }, { "cve" : "CVE-2026-52816", "product_status" : { "known_affected" : [ "T055635" ] }, "release_date" : "2026-06-18T22:00:00.000+00:00", "title" : "CVE-2026-52816" } ] }