Lucene search

Https://gitlab.com/gitlab-org/security-products/gemnasium-dbGITLAB-9068EB95DEF5374942F081B5A5164E46

HistoryJun 02, 2022 - 12:00 a.m.

OS Command Injection in gogs

2022-06-0200:00:00

https://gitlab.com/gitlab-org/security-products/gemnasium-db

gitlab.com

os command injection

gogs

ssh access

windows installations

repository upload

0.12.8

0.13.0+dev

disable repository upload.

JSON

Impact

The malicious user is able to upload a crafted config file into repository’s .git directory with to gain SSH access to the server. All Windows installations with repository upload enabled (default) are affected.

Patches

Repository file uploads are prohibited to its .git directory. Users should upgrade to 0.12.8 or the latest 0.13.0+dev.

Workarounds

Disable repository files upload.

References

https://www.huntr.dev/bounties/9cd4e7b7-0979-4e5e-9a1c-388b58dea76b/

For more information

If you have any questions or comments about this advisory, please post on #6968.

References

github.com/advisories/GHSA-958j-443g-7mm7

github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129

github.com/gogs/gogs/issues/6968

github.com/gogs/gogs/pull/6970

github.com/gogs/gogs/releases/tag/v0.12.8

github.com/gogs/gogs/security/advisories/GHSA-958j-443g-7mm7

www.huntr.dev/bounties/9cd4e7b7-0979-4e5e-9a1c-388b58dea76b/

JSON

Related for GITLAB-9068EB95DEF5374942F081B5A5164E46