Headline

GHSA-67mx-jc2f-jgjm: OS Command Injection in file editor in Gogs

Impact

The malicious user is able to update a crafted config file into repository’s .git directory in combination with crafted file deletion to gain SSH access to the server. All installations with repository upload enabled (default) are affected.

Patches

File deletions are prohibited to repository’s .git directory. Users should upgrade to 0.12.9 or the latest 0.13.0+dev.

Workarounds

N/A

References

https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930/

For more information

If you have any questions or comments about this advisory, please post on #7000.

2 years ago

ghsa

Open in Source

#vulnerability #git #ssh

GitHub Advisory Database
GitHub Reviewed
CVE-2022-1986

OS Command Injection in file editor in Gogs

Critical severity GitHub Reviewed Published Jun 8, 2022 in gogs/gogs • Updated Jun 8, 2022

Vulnerability details Dependabot alerts 0

Package

gomod gogs.io/gogs (Go )

Affected versions

< 0.12.9

Patched versions

0.12.9

Description

Impact

The malicious user is able to update a crafted config file into repository’s .git directory in combination with crafted file deletion to gain SSH access to the server. All installations with repository upload enabled (default) are affected.

Patches

File deletions are prohibited to repository’s .git directory. Users should upgrade to 0.12.9 or the latest 0.13.0+dev.

Workarounds

N/A

References

https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930/

For more information

If you have any questions or comments about this advisory, please post on #7000.

References

GHSA-67mx-jc2f-jgjm
gogs/gogs@38aff73
https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129
https://huntr.dev/bounties/776e8f29-ff5e-4501-bb9f-0bd335007930/

unknwon published the maintainer security advisory

Jun 8, 2022

Severity

Critical

Weaknesses

CWE-78

CVE ID

CVE-2022-1986

GHSA ID

GHSA-67mx-jc2f-jgjm

Source code

gogs/gogs