11 matches found
Sourcegraph Command Injection (CVE-2022-23642)
A command injection vulnerability exists in Sourcegraph. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Metasploit Weekly Wrap-Up
JBOSS EAP/AS - More Deserializations? Indeed! Community contributor Heyder Andrade added in a new module for a Java deserialization vulnerability in JBOSS EAP/AS Remoting Unified Invoker interface for versions 6.1.0 and prior. As far as we can tell this was first disclosed by Joao Matos in his...
Sourcegraph gitserver sshCommand Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sourcegraph gitserver sshCommand RCE', 'Description' = %q A vulnerability exists within Sourcegraph's gitserver component that allows a remote...
Sourcegraph Gitserver 3.36.3 Remote Code Execution
Exploit Title: Sourcegraph Gitserver 3.36.3 - Remote Code Execution RCE Date: 2022-06-10 Exploit Author: Altelus Vendor Homepage: https://about.sourcegraph.com/ Version: 3.63.3 Tested on: Linux CVE : CVE-2022-23642 Docker Container: sourcegraph/server:3.36.3 Sourcegraph prior to 3.37.0 has a remo...
Sourcegraph Gitserver 3.36.3 - Remote Code Execution (RCE)
Exploit Title: Sourcegraph Gitserver 3.36.3 - Remote Code Execution RCE Date: 2022-06-10 Exploit Author: Altelus Vendor Homepage: https://about.sourcegraph.com/ Version: 3.63.3 Tested on: Linux CVE : CVE-2022-23642 Docker Container: sourcegraph/server:3.36.3 Sourcegraph prior to 3.37.0 has a remo...
Sourcegraph Gitserver 3.36.3 - Remote Code Execution Exploit
Exploit Title: Sourcegraph Gitserver 3.36.3 - Remote Code Execution RCE Exploit Author: Altelus Vendor Homepage: https://about.sourcegraph.com/ Version: 3.63.3 Tested on: Linux CVE : CVE-2022-23642 Docker Container: sourcegraph/server:3.36.3 Sourcegraph prior to 3.37.0 has a remote code execution...
Exploit for Code Injection in Sourcegraph
PoC for Sourcegraph Gitserver 3.37.0 RCE CVE-2022-23642 S...
CVE-2022-23642
creationtimestamp| type| source ---|---|--- 2022-02-19 02:38:45+00:00| seen| https://t.me/cibsecurity/37810 2022-06-12 13:48:14+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/6186 2022-06-12 23:09:17+00:00| published-proof-of-concept| https://t.me/MrVGunz/218 2022-06-13...
CVE-2022-23642
Sourcegraph prior to 3.37 is vulnerable to remote code execution in the gitserver service due to insufficient restriction on git config execution. The issue arises when an attacker who can access internal gitserver HTTP endpoints can set the git core.sshCommand option, causing git to execute arbi...
CVE-2022-23642 Code Injection in Sourcegraph
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the gitserver service. The service acts as a git exec proxy, and fails to properly restrict calling git config. This allows an attacker to set the git core.sshCommand...
CVE-2022-23642 Code Injection in Sourcegraph
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the gitserver service. The service acts as a git exec proxy, and fails to properly restrict calling git config. This allows an attacker to set the git core.sshCommand...