First published: Sun Jun 21 2020(Updated: )
In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Gogs Gogs | =0.11.91 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID is CVE-2020-14958.
The severity of CVE-2020-14958 is medium (6.5).
Gogs version 0.11.91 is affected by CVE-2020-14958.
To fix CVE-2020-14958, update Gogs to a version that includes the fix, such as version 0.11.92 or later.
You can find more information about CVE-2020-14958 on the GitHub commit (https://github.com/gogs/gogs/commit/82ff0c5852f29daa5f95d965fd50665581e7ea3c) and pull request (https://github.com/gogs/gogs/pull/5988) related to the fix.