Can you explain this vulnerability to me?

This vulnerability exists in Gogs, an open source self-hosted Git service, in versions 0.13.4 and below. The issue is that the DeleteComment API does not verify whether a comment actually belongs to the repository specified in the URL. As a result, a repository administrator can delete comments from any other repository by providing arbitrary comment IDs, effectively bypassing authorization controls.

The root cause is that the DeleteComment function retrieves comments by ID without checking repository ownership, and the underlying database function DeleteCommentByID does not perform any repository validation. This flaw was fixed in version 0.14.0.

Useful 0 Not Useful 0

How can this vulnerability impact me? :

This vulnerability allows a repository administrator to delete comments from any repository, not just the ones they manage. This can lead to unauthorized deletion of comments, potentially disrupting collaboration, removing important discussions or audit trails, and undermining trust in the integrity of repository data.

Useful 0 Not Useful 0

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know

Useful 0 Not Useful 0

How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know

Useful 0 Not Useful 0

What immediate steps should I take to mitigate this vulnerability?

To mitigate this vulnerability, you should upgrade Gogs to version 0.14.0 or later, where the issue has been fixed.

Since the vulnerability allows repository administrators to delete comments from any repository by bypassing authorization, limiting repository administrator privileges and monitoring comment deletion activities may help reduce risk until the upgrade is applied.

Useful 0 Not Useful 0