Lucene search
+L

4 matches found

Packet Storm
Packet Storm
added 2021/04/07 12:0 a.m.1183 views

Gogs Git Hooks Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Gogs Git Hooks Remote Code Execution', 'Description' = %q This module leverages an insecure setting to get remote code execution on the target OS...

6.5CVSS0.1AI score0.95432EPSS
Exploits13
Circl
Circl
added 2020/10/16 6:42 p.m.35 views

CVE-2020-15867

creationtimestamp| type| source ---|---|--- 2020-10-16 18:42:22+00:00| seen| https://t.me/cibsecurity/15327 2021-04-07 18:51:53+00:00| seen| https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/gogsgithooksrce.rb 2021-09-21 06:42:51+00:00|...

7.2CVSS7AI score0.87153EPSS
Exploits4References3
CVE
CVE
added 2020/10/16 1:4 p.m.123 views

CVE-2020-15867

Gogs 0.5.5–0.12.2 is vulnerable to authenticated remote code execution via the git hooks feature. The root cause is that privileged users can create git hooks (post-receive) and trigger code execution; non-admin users require explicit permission. The issue is exploitable through the web interface...

7.2CVSS7.4AI score0.87153EPSS
Exploits4References2Affected Software1
Cvelist
Cvelist
added 2020/10/16 1:4 p.m.38 views

CVE-2020-15867

The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges. NOTE: because this is mentioned in the documentation but not in th...

7.5AI score0.87153EPSS
Exploits4References2
Rows per page
Query Builder