CVE-2026-24135

High
CWE-22 — Weakness Type
Published: Feb 6, 2026  ·  Modified: Feb 28, 2026  ·  Source: NVD
CVSS v3
8.1
🔗 NVD Official
📄 Description (English)

Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, a path traversal vulnerability exists in the updateWikiPage function of Gogs. The vulnerability allows an authenticated user with write access to a repository's wiki to delete arbitrary files on the server by manipulating the old_title parameter in the wiki editing form. This issue has been patched in versions 0.13.4 and 0.14.0+dev.

🤖 AI Executive Summary

Gogs versions 0.13.3 and prior contain a path traversal vulnerability in wiki page editing that allows an authenticated user with write access to a repository's wiki to delete arbitrary files on the server. The deletion runs with the privileges of the account the Gogs service runs as, so any file that account can remove (repository data, configuration, the wiki working tree) is in scope; the CVSS v3.1 vector records no confidentiality impact but high integrity and availability impact (8.1, High). Organizations running self-hosted Gogs for source code management and documentation should upgrade to 0.13.4 or 0.14.0+ without delay.
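The mechanism described above in miniature, as an added Go example that is not Gogs's own code: an unchecked filepath.Join of a caller-supplied old title, beside a resolver that confines the title to the wiki directory before the old page is removed. The directory layout, the function names and the injected remove callback are assumptions made for illustration.

```go
// Added illustration of the wiki-title traversal pattern. Not Gogs code:
// paths, names and the remove callback are hypothetical.
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

var ErrBadTitle = errors.New("wiki title escapes the wiki directory")

// naiveWikiPath reproduces the vulnerable pattern: the title from the edit
// form is joined onto the wiki working tree unchecked. filepath.Join cleans
// the result, so ".." components walk upward and out of root.
func naiveWikiPath(root, title string) string {
	return filepath.Join(root, title)
}

// safeWikiPath accepts only a bare page name (no separators, no "..", not
// absolute) and then re-checks containment on the resolved path.
func safeWikiPath(root, title string) (string, error) {
	if title == "" || title == "." || title == ".." ||
		filepath.IsAbs(title) || strings.ContainsAny(title, `/\`) {
		return "", ErrBadTitle
	}
	absRoot, err := filepath.Abs(root)
	if err != nil {
		return "", err
	}
	full := filepath.Join(absRoot, title)
	rel, err := filepath.Rel(absRoot, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrBadTitle
	}
	return full, nil
}

// renameWikiPage models the rename step of a wiki edit: when the title
// changes, the file for the old title is removed. remove is injected so
// the demo records the target instead of deleting anything.
func renameWikiPage(root, oldTitle, newTitle string, remove func(string) error) error {
	if oldTitle == newTitle {
		return nil
	}
	oldPath, err := safeWikiPath(root, oldTitle)
	if err != nil {
		return fmt.Errorf("refusing rename from %q: %w", oldTitle, err)
	}
	if _, err := safeWikiPath(root, newTitle); err != nil {
		return fmt.Errorf("refusing rename to %q: %w", newTitle, err)
	}
	return remove(oldPath)
}

func main() {
	root := "/srv/gogs/data/wiki/alice/docs.wiki" // assumed layout
	evil := "../../../../../../etc/passwd"
	fmt.Println("unchecked join resolves to:", naiveWikiPath(root, evil))

	var removed []string
	record := func(p string) error { removed = append(removed, p); return nil }
	if err := renameWikiPage(root, evil, "Home", record); err != nil {
		fmt.Println("hardened:", err)
	}
	if err := renameWikiPage(root, "Old-Home", "Home", record); err != nil {
		fmt.Println("unexpected:", err)
	}
	fmt.Println("files the hardened path would remove:", removed)
}
```

The containment check after the name validation is deliberate: rejecting separators and ".." is what actually closes the hole, and the filepath.Rel check catches anything a future change to the validation lets through.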


🤖 AI Intelligence Analysis Analyzed: Apr 26, 2026 06:57
🇸🇦 Saudi Arabia Impact Assessment
Saudi government agencies, research institutions, and technology companies using self-hosted Gogs for source code repositories face significant risk. The vulnerability particularly impacts: (1) Government IT departments and NCA-regulated entities managing sensitive code repositories; (2) ARAMCO and energy sector organizations using Gogs for internal development; (3) Banking and financial institutions (SAMA-regulated) if Gogs is used for fintech development; (4) Telecommunications providers (STC, Mobily) managing infrastructure code; (5) Universities and research centers using Gogs for collaborative development. Authenticated attackers could delete critical source code, configuration files, or system files, leading to operational disruption and potential data loss.
🏢 Affected Saudi Sectors
Government and Public Administration Banking and Financial Services Energy and Utilities Telecommunications Healthcare Education and Research Technology and Software Development
⚖️ Saudi Risk Score (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all Gogs instances in your environment and confirm their version: run the binary with --version (for example ./gogs --version) or read the version from the admin dashboard; the installed version is not recorded in app.ini
2. Restrict wiki write access to trusted users only; review repository permissions immediately
3. Implement network segmentation to limit Gogs server access
4. Enable audit logging for all wiki operations

PATCHING GUIDANCE:
1. Upgrade to Gogs version 0.13.4 or 0.14.0+ immediately
2. Backup all repositories and wiki data before patching
3. Test patches in non-production environment first
4. Schedule maintenance window for production upgrades

COMPENSATING CONTROLS (if immediate patching not possible):
1. Disable the wiki temporarily: Gogs has a per-repository "Enable Wiki" setting under repository Settings; turn it off for every repository whose wiki is not essential. Verify any global app.ini switch against the app.ini reference for your release before relying on it
2. Implement file integrity monitoring (FIM) on Gogs server directories
3. Restrict Gogs process permissions using AppArmor/SELinux profiles
4. Monitor file deletion events: auditctl -w /path/to/gogs -p wa -k gogs_changes

DETECTION RULES:
1. Monitor HTTP POST requests to the wiki edit endpoints (under /<owner>/<repo>/wiki/) whose old_title form field contains a ".." path segment, a path separator, or an absolute path; inspect the decoded form body, since "/" arrives as %2F and attackers may double-encode
2. Alert on unexpected file deletions in Gogs data directories
3. Log all wiki page edit operations and correlate with file system changes
4. Pattern for the undecoded form body (case-insensitive): old_title=(?:[^&]*(?:\.\.|%2e%2e)|(?:/|%2f)) . An anchor (^) cannot sit in the middle of an alternation, so an absolute path is matched by a "/" or "%2F" immediately after old_title=. Treat matches as triage hints and confirm on the decoded value, otherwise legitimate titles such as "v1..draft" will be flagged
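An added Go example, not from the advisory or from Gogs, that implements the detection rules above over constructed form bodies: the corrected regular expression as a cheap pre-filter over the raw body, and a decoder that confirms on the percent-decoded old_title value. The sample bodies are constructed for this example; the field names follow the description above and no real Gogs log format is assumed.

```go
// Added detection example. Sample bodies are constructed; nothing here is
// a real Gogs request or log line.
package main

import (
	"fmt"
	"net/url"
	"strings"
	"regexp"
)

// rawPattern is a pre-filter over the undecoded body: "/" arrives as %2F in
// a form body, and the absolute-path branch must follow old_title= directly.
var rawPattern = regexp.MustCompile(`(?i)old_title=(?:[^&]*(?:\.\.|%2e%2e)|(?:/|%2f))`)

// Finding is one wiki edit whose old_title names a path outside the wiki.
type Finding struct {
	Index    int    // position in the scanned slice
	OldTitle string // fully decoded old_title
	Reason   string
}

// Constructed sample bodies, in the order a proxy with body logging would
// record them. Index 3 is benign but trips the regex; index 4 is
// double-encoded and evades the regex but not the decoder.
var sampleBodies = []string{
	"old_title=Home&title=Home&content=hello&message=edit",
	"old_title=..%2F..%2F..%2F..%2Fetc%2Fpasswd&title=Home&content=x",
	"old_title=%2Fsrv%2Fgogs%2Fcustom%2Fconf%2Fapp.ini&title=Home&content=x",
	"old_title=Release+Notes+2025..draft&title=Release+Notes&content=x",
	"old_title=%252e%252e%2F%252e%252e%2Fapp.ini&title=Home&content=x",
}

// decodeTitle pulls old_title out of a form body. ParseQuery removes one
// layer of percent-encoding; a second QueryUnescape catches double-encoding.
func decodeTitle(body string) (string, bool) {
	vals, err := url.ParseQuery(body)
	if err != nil {
		return "", false
	}
	t, ok := vals["old_title"]
	if !ok || len(t) == 0 {
		return "", false
	}
	title := t[0]
	if again, err := url.QueryUnescape(title); err == nil {
		title = again
	}
	return title, true
}

// traversalReason reports why a decoded title escapes the wiki directory,
// or "" for a plain page name. Only a whole ".." segment, a separator or a
// leading "/" is dangerous; "v1..draft" is an ordinary title.
func traversalReason(title string) string {
	norm := strings.ReplaceAll(title, `\`, "/")
	if strings.HasPrefix(norm, "/") {
		return "absolute path"
	}
	for _, seg := range strings.Split(norm, "/") {
		if seg == ".." {
			return "dot-dot segment"
		}
	}
	if strings.Contains(norm, "/") {
		return "path separator in title"
	}
	return ""
}

// regexHits returns the indices the raw pre-filter would flag.
func regexHits(bodies []string) []int {
	var hits []int
	for i, b := range bodies {
		if rawPattern.MatchString(b) {
			hits = append(hits, i)
		}
	}
	return hits
}

// scan is the authoritative stage: decode, then judge the decoded title.
func scan(bodies []string) []Finding {
	var out []Finding
	for i, body := range bodies {
		title, ok := decodeTitle(body)
		if !ok {
			continue
		}
		if r := traversalReason(title); r != "" {
			out = append(out, Finding{Index: i, OldTitle: title, Reason: r})
		}
	}
	return out
}

func main() {
	fmt.Println("regex pre-filter hits:", regexHits(sampleBodies))
	for _, f := range scan(sampleBodies) {
		fmt.Printf("confirmed #%d %-12s old_title=%q\n", f.Index, f.Reason, f.OldTitle)
	}
}
```

Use the regex where you can only match raw bytes (a WAF or a log search) and the decoder where you can run code (a SIEM enrichment or proxy plugin); the two disagree on both the benign ".." title and the double-encoded payload, which is exactly why the decoded value should be the one you alert on.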
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
NCA ECC 2024 - Vulnerabilities Management (timely patching of High/Critical findings) · Cybersecurity Event Logs and Monitoring Management · Identity and Access Management (least-privilege wiki write access) · Information System and Information Processing Facilities Protection (patch management)
🔵 SAMA CSF
SAMA CSF 3.3.3 - Asset Management (inventory of Gogs instances) · 3.3.5 - Identity and Access Management · 3.3.14 - Cybersecurity Event Management (detection and monitoring) · 3.3.15 - Cybersecurity Incident Management · 3.3.17 - Vulnerability Management
🟡 ISO 27001:2022
ISO 27001:2022 A.8.8 - Management of technical vulnerabilities · A.8.32 - Change management · A.8.15 - Logging · A.5.15 - Access control
🟣 PCI DSS v4.0.1
PCI DSS 6.3 - Security vulnerabilities are identified and addressed (6.3.3: critical/high-security patches installed within one month of release) · PCI DSS 10.2 - Audit logs capture access to system components and changes to them
📦 Affected Products / CPE 1 entries
gogs:gogs
📊 CVSS Score
8.1
/ 10.0 — High
📊 CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
Attack Vector: N — Network
Attack Complexity: L — Low
Privileges Required: L — Low
User Interaction: N — None
Scope: U — Unchanged
Confidentiality: N — None
Integrity: H — High
Availability: H — High
📋 Quick Facts
Severity High
CVSS Score8.1
CWECWE-22
EPSS0.05%
Exploit No
Patch ✓ Yes
Published 2026-02-06
Source Feed nvd
🇸🇦 Saudi Risk Score
7.8
/ 10.0 — Saudi Risk
Priority: HIGH
🏷️ Tags
CWE-22