40 matches found
Hardcoded credentials
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. In versions of Onedev prior to 7.3.0 unauthenticated users can take over a OneDev instance if there is no properly configured reverse proxy. The /git-prereceive-callback endpoint is used by the pre-receive git hook on the...
CVE-2022-39205
Onedev (open source Git server) has a critical remote issue in versions prior to 7.3.0 where unauthenticated users can take over a OneDev instance if there is no properly configured reverse proxy. The /git-prereceive-callback endpoint (meant to be localhost-restricted) relies on the X-Forwarded-F...
CVE-2022-39205 Access Control Bypass in Onedev
Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. In versions of Onedev prior to 7.3.0 unauthenticated users can take over a OneDev instance if there is no properly configured reverse proxy. The /git-prereceive-callback endpoint is used by the pre-receive git hook on the...
Talisman - By Hooking Into The Pre-Push Hook Provided By Git, Talisman Validates The Outgoing Changeset For Things That Look Suspicious
A tool to detect and prevent secrets from getting checked in What is Talisman? Talisman is a tool that installs a hook to your repository to ensure that potential secrets or sensitive information do not leave the developer's workstation. It validates the outgoing changeset for things that look...
Git LFS Clone Command Execution Exploit
Git clients that support delay-capable clean / smudge filters and symbolic links on case-insensitive file systems are vulnerable to remote code execution while cloning a repository. Usage of clean / smudge filters through Git LFS and a case-insensitive file system changes the checkout order of...
Git LFS Clone Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Git LFS Clone Command Exec', 'Description' = %q Git clients that support delay-capable clean / smudge filters and symbolic links on...
Gitea 1.12.5 - Remote Code Execution (Authenticated)
Exploit Title: Gitea 1.12.5 - Remote Code Execution Authenticated Date: 17 Feb 2020 Exploit Author: Podalirius PoC demonstration article: https://podalirius.net/en/articles/exploiting-cve-2020-14144-gitea-authenticated-remote-code-execution/ Vendor Homepage: https://gitea.io/ Software Link:...
PT-2021-17853 · Gitea +1 · Gitea +1
Name of the Vulnerable Software and Affected Versions: Gitea versions 1.12.x through 1.13.3 Gitea versions 1.1.0 through 1.12.5 Description: The issue allows for cross-site scripting XSS via certain issue data in some situations. It also enables authenticated remote code execution through the git...
Gogs OS Command Injection Vulnerability
Gogs Go Git Service is a Go-based self-service Git hosting service , which supports creating and migrating public/private repositories , adding and removing repository collaborators and so on. An operating system command injection vulnerability exists in the git hook feature of Gogs versions 1.1....
CVE-2020-14144
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLEGITHOOKS line i...
CVE-2020-14144
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLEGITHOOKS line i...
Design/Logic Flaw
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLEGITHOOKS line i...
Privilege escalation
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges. NOTE: because this is mentioned in the documentation but not in th...
CVE-2020-15867
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges. NOTE: because this is mentioned in the documentation but not in th...
CVE-2020-15867
Gogs 0.5.5–0.12.2 is vulnerable to authenticated remote code execution via the git hooks feature. The root cause is that privileged users can create git hooks (post-receive) and trigger code execution; non-admin users require explicit permission. The issue is exploitable through the web interface...
CVE-2020-14144
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLEGITHOOKS line i...
CVE-2020-14144
Gitea CVE-2020-14144 (and related CVE-2021-28378 context) reveals authenticated remote code execution via the git hooks feature in Gitea versions 1.1.0–1.12.5. The core issue is that the post-receive hook can execute arbitrary code when a user with privilege triggers it, enabling RCE on the serve...
PT-2020-13891
Name of the Vulnerable Software and Affected Versions Gitea versions 1.1.0 through 1.12.5 Description The git hook feature in Gitea might allow for authenticated remote code execution in customer environments where the documentation was not understood. The vendor has indicated this is not a...
Node.js third-party modules: [commit-msg] RCE via insecure command formatting
I would like to report a RCE issue in the commit-msg module. It allows to execute arbitrary commands remotely inside the victim's PC Module module name: commit-msg version: 0.2.3 npm page: https://www.npmjs.com/package/commit-msg Module Description commit-msg is a customizable git commit message...
Bitbucket 6.1.1 Path Traversal to RCE
Impact In Bitbucket the four different user roles Bitbucket User, Project Creator, Admin and System Admin exist. An attacker with the permissions of the role Admin can abuse Bitbuckets Data Center Migration tool to drop an executable shell script in an arbitrary directory. This is caused by a...