Lucene search
K

CVE-2024-39930

🗓️ 04 Jul 2024 00:00:00Reported by mitreType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 243 Views🌐 WEB

Gogs SSH server allows argument injection leading to remote code executio

Related
Detection
Refs
Paths
Social
NVD
Vulnrichment
Node
gogsgogsRange0.13.0
ParameterPositionPathDescriptionCWE
namepath/users/{username}/tokensAPI token creation endpoint used in exploit flow to obtain an authentication tokenCWE-88
namerequest body/user/reposCreate a repository for hosting payloads as part of exploit processCWE-88
descriptionrequest body/user/reposCreate a repository for hosting payloads as part of exploit processCWE-88
privaterequest body/user/reposCreate a repository for hosting payloads as part of exploit processCWE-88
titlerequest body/user/keysAdd SSH public key to the user account to enable SSH-based exploit stepsCWE-88
keyrequest body/user/keysAdd SSH public key to the user account to enable SSH-based exploit stepsCWE-88
idpath/user/keys/{id}Delete an SSH key by id as part of cleanup in the exploit workflowCWE-88

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation