In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check.
Published June 22, 2020.
Gogs Gogs
