CVE-2024-39931

04.07.2024, 16:15

Gogs through 0.13.0 allows deletion of internal files.

Enginsight

| Provider | Type | Base Score | Atk. Vector | Atk. Complexity | Priv. Required | Vector |
|---|---|---|---|---|---|---|
| NIST | NIST | 9.9 CRITICAL | NETWORK | LOW | LOW | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
| mitre | CNA | 9.9 CRITICAL | NETWORK | LOW | LOW | CVSS:3.1/AC:L/AV:N/A:H/C:H/I:H/PR:L/S:C/UI:N |
| CISA-ADP | ADP | ------ | | | | |
| CVE | ADP | ------ | | | | |

EPSS Score
Percentile: 79%

| Vendor | Product | Version |
|---|---|---|
| gogs | gogs | 𝑥 ≤ 0.13.0 |

𝑥 = Vulnerable software versions

Common Weakness Enumeration

CWE-552 - Files or Directories Accessible to External Parties
The product makes files or directories accessible to unauthorized actors, even though they should not be.

References

https://github.com/gogs/gogs/releases
https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/