Soft Serve Security Vulnerabilities and Issues — Soft Serve CVE List

Lucene search

CharmbraceletSoft Serve

3 matches found

CVE•added 2025/01/08 4:15 p.m.•54 views

CVE-2025-22130

Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over other user's repositories. A malicious user then can modify, delete, and arbitrarily repositories as if they were an admin user without exp...

5.3CVSS6.5AI score0.00155EPSS

CVE•added 2023/10/04 9:15 p.m.•50 views

CVE-2023-43809

Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentication is active, through the allow-keyless setting...

7.5CVSS7.6AI score0.00184EPSS

CVE•added 2024/08/01 10:15 p.m.•45 views

CVE-2024-41956

Soft Serve is a self-hostable Git server for the command line. Prior to 0.7.5, it is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git. The issue is that Soft Serve passes all environment variables given by t...

8.1CVSS8.3AI score0.00284EPSS