CVE-2024-54148
Gogs has a Path Traversal in file editing UI
In short
Gogs allows an authenticated user with write access to a repository to commit a symlink that points outside the repository and then edit it through the web file editor. Because the editor follows the symlink, the submitted content is written to the target on the server rather than into the repository, which the official description says is enough to gain SSH access to the server.
Technical detail
This path traversal vulnerability (CWE-22; CWE-61, UNIX symbolic link following) in Gogs' file editing UI lets an authenticated user commit a symlink whose target lies outside the repository's working tree and then "edit" that entry through the web UI. The editing code follows the symlink, so the new content is written to the link target on the host, with the privileges of the account Gogs runs as, instead of into the repository. The official description states that this is sufficient to gain SSH access to the server; from there the practical impact is code execution as that account. Exploitation requires an account with write access to a repository (PR:L in the vector below) and no user interaction. The issue is fixed in Gogs 0.13.1.
Summary generated and translated by AI from the official description.
Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1.
CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
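The following Go program is an added illustration of the bug class described above, not code from Gogs or from its fix. It contrasts a file-editing handler that simply joins the requested tree path onto the working tree and writes (as os.WriteFile does, it follows symlinks) with a hardened counterpart that refuses to write through a symlink, resolves symlinks in the parent directories and requires the result to stay under the repository root, and opens the file with O_NOFOLLOW so a link swapped in after the check cannot redirect the write. The function names (unsafeWrite, safeWrite, Demo), the error sentinels and the temporary repo layout with symlinks named "evil" and "linkdir" are all constructed for this example; they are not Gogs identifiers and the demo does not reproduce the exact target used in the real exploit.

```go
package main

import (
	"errors"
	"os"
	"path/filepath"
	"strings"
	"syscall"
)

// Names below are this example's own, not Gogs identifiers.
var (
	ErrIsSymlink   = errors.New("refusing to write through a symlink")
	ErrOutsideRepo = errors.New("resolved path escapes the repository")
)

// unsafeWrite models an editor handler that joins the tree path onto the working
// tree and writes. os.WriteFile follows symlinks, so a committed symlink pointing
// outside the repo turns the "edit" into a write to any file the service account can reach.
func unsafeWrite(repoRoot, treePath string, content []byte) error {
	return os.WriteFile(filepath.Join(repoRoot, treePath), content, 0o644)
}

// safeWrite: clean the tree path so ".." cannot climb above the root, refuse a final
// component that is itself a symlink, resolve symlinks in the parent directories and
// require the result to stay under the resolved root, then open with O_NOFOLLOW (Unix)
// so a symlink swapped in after the check still cannot redirect the write.
func safeWrite(repoRoot, treePath string, content []byte) error {
	root, err := filepath.EvalSymlinks(repoRoot) // repoRoot is expected to be absolute
	if err != nil {
		return err
	}
	target := filepath.Join(root, filepath.Clean("/"+treePath))
	if fi, err := os.Lstat(target); err == nil && fi.Mode()&os.ModeSymlink != 0 {
		return ErrIsSymlink
	}
	parent, err := filepath.EvalSymlinks(filepath.Dir(target)) // parent must exist here
	if err != nil {
		return err
	}
	if parent != root && !strings.HasPrefix(parent, root+string(os.PathSeparator)) {
		return ErrOutsideRepo
	}
	f, err := os.OpenFile(filepath.Join(parent, filepath.Base(target)),
		os.O_WRONLY|os.O_CREATE|os.O_TRUNC|syscall.O_NOFOLLOW, 0o644)
	if err != nil {
		return err
	}
	defer f.Close()
	_, err = f.Write(content)
	return err
}

// DemoResult records what each handler did against the constructed layout.
type DemoResult struct {
	UnsafeOverwroteOutside bool   // vulnerable handler changed the file outside the repo
	SafeFileLinkErr        error  // hardened handler, "evil" -> ../outside/target.txt
	SafeDirLinkErr         error  // hardened handler, "linkdir/target.txt", linkdir -> ../outside
	OutsideAfterSafe       string // outside file after the hardened attempts
	SafeNormalErr          error  // hardened handler on an ordinary in-repo file
}

// Demo builds a throwaway repo in a temp dir with symlinks as an attacker would commit
// them (constructed sample layout), then runs both handlers against it.
func Demo() (res DemoResult, err error) {
	base, err := os.MkdirTemp("", "symlink-edit-demo")
	if err != nil {
		return res, err
	}
	defer os.RemoveAll(base)
	repo, outside := filepath.Join(base, "repo"), filepath.Join(base, "outside")
	victim := filepath.Join(outside, "target.txt")
	steps := []func() error{
		func() error { return os.MkdirAll(repo, 0o755) },
		func() error { return os.MkdirAll(outside, 0o755) },
		func() error { return os.WriteFile(victim, []byte("original\n"), 0o644) },
		func() error { return os.Symlink("../outside/target.txt", filepath.Join(repo, "evil")) },
		func() error { return os.Symlink("../outside", filepath.Join(repo, "linkdir")) },
	}
	for _, s := range steps {
		if err := s(); err != nil {
			return res, err
		}
	}
	payload := []byte("attacker controlled\n")
	if err := unsafeWrite(repo, "evil", payload); err != nil {
		return res, err
	}
	got, _ := os.ReadFile(victim)
	res.UnsafeOverwroteOutside = string(got) == string(payload)
	// Reset the victim, then show the hardened handler refusing both routes.
	if err := os.WriteFile(victim, []byte("original\n"), 0o644); err != nil {
		return res, err
	}
	res.SafeFileLinkErr = safeWrite(repo, "evil", payload)
	res.SafeDirLinkErr = safeWrite(repo, "linkdir/target.txt", payload)
	got, _ = os.ReadFile(victim)
	res.OutsideAfterSafe = string(got)
	res.SafeNormalErr = safeWrite(repo, "README.md", []byte("hello\n"))
	return res, nil
}
```

Running Demo() shows the vulnerable handler replacing the file outside the repository, while the hardened handler rejects the file symlink with ErrIsSymlink, rejects the path through the symlinked directory with ErrOutsideRepo, leaves the outside file untouched and still writes an ordinary in-repo file. Lstat alone is a check-then-use race; the O_NOFOLLOW open is what closes it, which is why both are present.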
Affected products
gogs · gogs