Skip to main content

Improper Preservation of Permissions

CVE-2020-14958

Severity Medium
Score 6.5/10

Summary

In Gogs 0.11.91, MakeEmailPrimary in models/user_mail.go lacks a "not the owner of the email" check.

  • LOW
  • NETWORK
  • HIGH
  • UNCHANGED
  • NONE
  • LOW
  • NONE
  • NONE

CWE-281 - Improper Preservation of Permissions

The software does not preserve permissions or incorrectly preserves permissions when copying, restoring, or sharing objects, which can cause them to have less restrictive permissions than intended.

Advisory Timeline

  • Published