CRITICAL🇵🇱 Wersja polska

CVE-2022-1884

CVSS 9.8v3.1pub. 2024-11-15upd. 2024-11-19

A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file. If the `core.sshCommand` is set, this can lead to remote command execution.

🤖 AI Analysis
How it works

An attacker, without any authorization, uploads a file with the `tree_path` parameter set to `.git.`, which on Windows systems allows bypassing security measures and writing the file directly to the `.git` directory. This makes it possible to create or overwrite the `.git/config` file. If the `core.sshCommand` directive is set in the repository configuration, Git will execute the system command specified in it, leading to remote code execution (RCE).

Impact

An attacker can gain full control of the server by executing arbitrary system commands with the privileges of the Gogs process. The confidentiality, integrity, and availability of the entire system are at risk.

Mitigation & patch

Gogs should be updated to a version higher than 0.12.7. Details regarding available patches are available at the address indicated in the vendor references (huntr.com). As a temporary workaround, consider restricting access to file upload functionality or migrating to a non-Windows operating system.

Who is affected

Gogs in versions <= 0.12.7 deployed on Microsoft Windows servers

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
  • Gogs

    APP
    Gogs
    ≤ 0.12.7
  • Microsoft Windows

    OS
    Microsoft
    wszystkie wersje
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
Command Injection
CWE
References

Related vulnerabilities

CVE-2026-8398CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Atak na łańcuch dostaw DAEMON Tools Lite — trojanizacja instalatorów

CVE-2025-10585CRITICAL9.8⚠ KEVPL ✓ten sam produkt

Type confusion w V8 (Google Chrome) — zdalne uszkodzenie sterty

CVE-2025-34028CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Commvault Command Center – nieuwierzytelniony RCE przez path traversal w ZIP

CVE-2024-7262CRITICAL9.3⚠ KEVPL ✓ten sam produkt

Path Traversal w Kingsoft WPS Office — ładowanie dowolnej biblioteki Windows

CVE-2024-4577CRITICAL9.8⚠ KEVPL ✓ten sam produkt

PHP CGI argument injection – RCE na Windows przez mechanizm Best-Fit