GHSA-958j-443g-7mm7: OS Command Injection in gogs

1. GitHub Advisory Database
2. GitHub Reviewed
3. CVE-2022-1884

OS Command Injection in gogs

Critical severity GitHub Reviewed Published Jun 2, 2022 in gogs/gogs • Updated Jun 2, 2022

Vulnerability details Dependabot alerts 0

Package

gomod gogs.io/gogs (Go )

Affected versions

< 0.12.8

Patched versions

0.12.8

Description

Impact

The malicious user is able to upload a crafted config file into repository’s .git directory with to gain SSH access to the server. All Windows installations with repository upload enabled (default) are affected.

Patches

Repository file uploads are prohibited to its .git directory. Users should upgrade to 0.12.8 or the latest 0.13.0+dev.

Workarounds

Disable repository files upload.

References

https://www.huntr.dev/bounties/9cd4e7b7-0979-4e5e-9a1c-388b58dea76b/

For more information

If you have any questions or comments about this advisory, please post on #6968.

References

• GHSA-958j-443g-7mm7
• gogs/gogs#6968
• gogs/gogs#6970
• https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129
• https://github.com/gogs/gogs/releases/tag/v0.12.8
• https://www.huntr.dev/bounties/9cd4e7b7-0979-4e5e-9a1c-388b58dea76b/

unknwon published the maintainer security advisory

May 31, 2022

Severity

Critical

Weaknesses

CWE-78

CVE ID

CVE-2022-1884

GHSA ID

GHSA-958j-443g-7mm7

Source code

gogs/gogs

Credits

• 1135

See something to contribute? Suggest improvements for this vulnerability.