Symlink Vulnerability in Gogs Self-Hosted Git Service
CVE-2024-54148

Currently unrated

Key Information:

Vendor: Gogs

CVE Published: 23 December 2024

What is CVE-2024-54148?

Gogs is an open-source, self-hosted Git service. In affected versions, a malicious user can use crafted symlink files in repository commits, which could lead to unauthorized SSH access to the server hosting Gogs. Users should upgrade to version 0.13.1 or later to mitigate this vulnerability and protect their servers from exploitation.

Affected Version(s)

gogs < 0.13.1
