GoogleOSV:GHSA-PFVH-P8QP-9WW9Gogs OS Command Injection vulnerability
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
55.1%
Impact
The malicious user is able to update a crafted config file into repository’s .git directory in combination with crafted file deletion to gain SSH access to the server on case-insensitive file systems. All installations with repository upload enabled (default) on case-insensitive file systems (Windows, macOS, etc.) are affected.
Patches
Make sanitization of upload path to .git directory to be case-insensitive. Users should upgrade to 0.12.11 or the latest 0.13.0+dev.
Workarounds
Disable repository upload.
References
https://huntr.dev/bounties/18cf9256-23ab-4098-a769-85f8da130f97/
For more information
If you have any questions or comments about this advisory, please post on https://github.com/gogs/gogs/issues/7030.
| CPE | Name | Operator | Version |
|---|---|---|---|
| gogs.io/gogs | lt | 0.12.11 |
References
github.com/gogs/gogs
github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129
github.com/gogs/gogs/commit/15d0d6a94be0098a8227b6b95bdf2daed105ec41
github.com/gogs/gogs/issues/7030
github.com/gogs/gogs/security/advisories/GHSA-pfvh-p8qp-9ww9
huntr.dev/bounties/18cf9256-23ab-4098-a769-85f8da130f97
nvd.nist.gov/vuln/detail/CVE-2022-2024
Related
9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.002 Low
EPSS
Percentile
55.1%