4 matches found
Gogs Git Hooks Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gogs Git Hooks Remote Code Execution', 'Description' = %q This module leverages an insecure setting to get remote code execution on the target OS...
CVE-2020-15867
creationtimestamp| type| source ---|---|--- 2020-10-16 18:42:22+00:00| seen| https://t.me/cibsecurity/15327 2021-04-07 18:51:53+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/gogsgithooksrce.rb 2021-09-21 06:42:51+00:00|...
CVE-2020-15867
Gogs 0.5.5–0.12.2 is vulnerable to authenticated remote code execution via the git hooks feature. The root cause is that privileged users can create git hooks (post-receive) and trigger code execution; non-admin users require explicit permission. The issue is exploitable through the web interface...
CVE-2020-15867
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges. NOTE: because this is mentioned in the documentation but not in th...