Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2022-1884

CRITICAL
Published 2024-11-15T10:53:00.844Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2022-1884. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
10.0
/10
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.073
probability
of exploitation in the wild

There is a 7.3% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.912
Higher than 91.2% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

A remote command execution vulnerability exists in gogs/gogs versions <=0.12.7 when deployed on a Windows server. The vulnerability arises due to improper validation of the `tree_path` parameter during file uploads. An attacker can set `tree_path=.git.` to upload a file into the .git directory, allowing them to write or rewrite the `.git/config` file. If the `core.sshCommand` is set, this can lead to remote command execution.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

gogs

gogs/gogs

Affected Versions:

unspecified
gogs

gogs

Affected Versions:

0

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed CRITICAL

OS Command Injection in gogs

GHSA-958j-443g-7mm7

Advisory Details

### Impact The malicious user is able to upload a crafted `config` file into repository's `.git` directory with to gain SSH access to the server. All Windows installations with [repository upload enabled (default)](https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129) are affected. ### Patches Repository file uploads are prohibited to its `.git` directory. Users should upgrade to 0.12.8 or the latest 0.13.0+dev. ### Workarounds [Disable repository files upload](https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L128-L129). ### References https://www.huntr.dev/bounties/9cd4e7b7-0979-4e5e-9a1c-388b58dea76b/ ### For more information If you have any questions or comments about this advisory, please post on #6968.

Affected Packages

Go gogs.io/gogs
ECOSYSTEM: ≥0 <0.12.8

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

References

WEB https://github.com/gogs/gogs/security/advisories/GHSA-958j-443g-7mm7
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2022-1884
WEB https://github.com/gogs/gogs/issues/6968
WEB https://github.com/gogs/gogs/pull/6970
PACKAGE https://github.com/gogs/gogs
WEB https://github.com/gogs/gogs/blob/f36eeedbf89328ee70cc3a2e239f6314f9021f58/conf/app.ini#L127-L129
WEB https://github.com/gogs/gogs/releases/tag/v0.12.8
WEB https://huntr.com/bounties/9cd4e7b7-0979-4e5e-9a1c-388b58dea76b
WEB https://www.huntr.dev/bounties/9cd4e7b7-0979-4e5e-9a1c-388b58dea76b

Advisory provided by GitHub Security Advisory Database. Published: June 2, 2022, Modified: November 15, 2024

References

https://huntr.com/bounties/9cd4e7b7-0979-4e5e-9a1c-388b58dea76b
Published: 2024-11-15T10:53:00.844Z
Last Modified: 2024-11-15T19:15:02.353Z
Copied to clipboard!