Lucene search
K

11 matches found

Check Point Advisories
Check Point Advisories
added 2022/07/20 12:0 a.m.35 views

Sourcegraph Command Injection (CVE-2022-23642)

A command injection vulnerability exists in Sourcegraph. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...

6CVSS5.1AI score0.7431EPSS
Exploits8
Rapid7 Blog
Rapid7 Blog
added 2022/07/15 4:0 p.m.23 views

Metasploit Weekly Wrap-Up

JBOSS EAP/AS - More Deserializations? Indeed! Community contributor Heyder Andrade added in a new module for a Java deserialization vulnerability in JBOSS EAP/AS Remoting Unified Invoker interface for versions 6.1.0 and prior. As far as we can tell this was first disclosed by Joao Matos in his...

6CVSS1AI score0.7431EPSS
Exploits8
Packet Storm
Packet Storm
added 2022/07/13 12:0 a.m.371 views

Sourcegraph gitserver sshCommand Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sourcegraph gitserver sshCommand RCE', 'Description' = %q A vulnerability exists within Sourcegraph's gitserver component that allows a remote...

8.8CVSS0.3AI score0.7431EPSS
Exploits8
Packet Storm
Packet Storm
added 2022/06/20 12:0 a.m.314 views

Sourcegraph Gitserver 3.36.3 Remote Code Execution

Exploit Title: Sourcegraph Gitserver 3.36.3 - Remote Code Execution RCE Date: 2022-06-10 Exploit Author: Altelus Vendor Homepage: https://about.sourcegraph.com/ Version: 3.63.3 Tested on: Linux CVE : CVE-2022-23642 Docker Container: sourcegraph/server:3.36.3 Sourcegraph prior to 3.37.0 has a remo...

8.8CVSS0.7431EPSS
Exploits8
Exploit DB
Exploit DB
added 2022/06/14 12:0 a.m.328 views

Sourcegraph Gitserver 3.36.3 - Remote Code Execution (RCE)

Exploit Title: Sourcegraph Gitserver 3.36.3 - Remote Code Execution RCE Date: 2022-06-10 Exploit Author: Altelus Vendor Homepage: https://about.sourcegraph.com/ Version: 3.63.3 Tested on: Linux CVE : CVE-2022-23642 Docker Container: sourcegraph/server:3.36.3 Sourcegraph prior to 3.37.0 has a remo...

8.8CVSS7AI score0.7431EPSS
Exploits8
0day.today
0day.today
added 2022/06/14 12:0 a.m.361 views

Sourcegraph Gitserver 3.36.3 - Remote Code Execution Exploit

Exploit Title: Sourcegraph Gitserver 3.36.3 - Remote Code Execution RCE Exploit Author: Altelus Vendor Homepage: https://about.sourcegraph.com/ Version: 3.63.3 Tested on: Linux CVE : CVE-2022-23642 Docker Container: sourcegraph/server:3.36.3 Sourcegraph prior to 3.37.0 has a remote code execution...

8.8CVSS8.6AI score0.7431EPSS
Exploits8
GithubExploit
GithubExploit
added 2022/06/10 6:12 a.m.367 views

Exploit for Code Injection in Sourcegraph

PoC for Sourcegraph Gitserver 3.37.0 RCE CVE-2022-23642 S...

8.8CVSS8.9AI score0.7431EPSS
Exploits8
Circl
Circl
added 2022/02/19 2:38 a.m.36 views

CVE-2022-23642

creationtimestamp| type| source ---|---|--- 2022-02-19 02:38:45+00:00| seen| https://t.me/cibsecurity/37810 2022-06-12 13:48:14+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/6186 2022-06-12 23:09:17+00:00| published-proof-of-concept| https://t.me/MrVGunz/218 2022-06-13...

8.8CVSS8AI score0.7431EPSS
Exploits8References5
CVE
CVE
added 2022/02/18 10:15 p.m.177 views

CVE-2022-23642

Sourcegraph prior to 3.37 is vulnerable to remote code execution in the gitserver service due to insufficient restriction on git config execution. The issue arises when an attacker who can access internal gitserver HTTP endpoints can set the git core.sshCommand option, causing git to execute arbi...

8.8CVSS8.8AI score0.7431EPSS
Exploits8References4Affected Software1
Cvelist
Cvelist
added 2022/02/18 10:15 p.m.63 views

CVE-2022-23642 Code Injection in Sourcegraph

Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the gitserver service. The service acts as a git exec proxy, and fails to properly restrict calling git config. This allows an attacker to set the git core.sshCommand...

8.8CVSS9.1AI score0.7431EPSS
Exploits8References4
Vulnrichment
Vulnrichment
added 2022/02/18 10:15 p.m.6 views

CVE-2022-23642 Code Injection in Sourcegraph

Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the gitserver service. The service acts as a git exec proxy, and fails to properly restrict calling git config. This allows an attacker to set the git core.sshCommand...

8.8CVSS8.8AI score0.7431EPSS
Exploits8References4
Rows per page
Query Builder