CVE-2022-31038
XSS vulnerability in repository issue list in Gogs
In short
Gogs allows attackers to inject malicious scripts into user display names, which are then executed in other users' browsers when viewing issue lists. This can lead to session hijacking or credential theft.
Technical detail
The `DisplayName` field in Gogs prior to 0.12.9 lacks output encoding/sanitization, enabling stored XSS attacks via the issue list interface. An authenticated attacker can inject HTML/JavaScript that executes in victims' browsers with their privileges. The vulnerability requires user interaction (viewing the issue list) and results in account compromise or data exfiltration.
Summary generated and translated by AI from the official description.
Gogs is an open source self-hosted Git service. In versions of gogs prior to 0.12.9 `DisplayName` does not filter characters input from users, which leads to an XSS vulnerability when directly displayed in the issue list. This issue has been resolved in commit 155cae1d which sanitizes `DisplayName` prior to display to the user. All users of gogs are advised to upgrade. Users unable to upgrade should check their users' display names for malicious characters.
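For installations that cannot upgrade yet, the display-name check recommended above can be scripted. The following is an added example, not code from Gogs or from the fixing commit; the `User` and `Finding` types, their field names and the sample accounts are assumptions constructed for illustration. It flags names containing HTML metacharacters or control characters and shows the escaped form that would be safe to render.

```go
package main

import (
	"fmt"
	"html"
	"strings"
)

// User is a hypothetical account record; field names are assumptions, not the Gogs schema.
type User struct {
	Login       string
	DisplayName string
}

// Finding pairs a flagged login with the HTML-escaped form of its display name.
type Finding struct {
	Login   string
	Escaped string
}

// AuditDisplayNames flags names holding HTML metacharacters or control characters for manual review.
func AuditDisplayNames(users []User) []Finding {
	var out []Finding
	for _, u := range users {
		flagged := strings.ContainsAny(u.DisplayName, "<>\"'&`")
		for _, r := range u.DisplayName {
			if r < 0x20 || r == 0x7f {
				flagged = true
			}
		}
		if flagged {
			out = append(out, Finding{Login: u.Login, Escaped: html.EscapeString(u.DisplayName)})
		}
	}
	return out
}

func main() {
	// Constructed sample data; a real audit would read these from the user table.
	users := []User{
		{"alice", "Alice Example"},
		{"bob", "Bob <b>Builder</b>"},
		{"carol", "Carol O'Neil"}, // legitimate name, flagged for review rather than rejected
		{"dave", "Dávid Müller"},  // non-ASCII letters are not flagged
	}
	for _, f := range AuditDisplayNames(users) {
		fmt.Printf("review %s: %s\n", f.Login, f.Escaped)
	}
}
```

Flagged entries are candidates for review, not proof of abuse: an apostrophe in a real name is flagged alongside markup.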
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Affected products
gogs · gogs