Arbitrary File Write Vulnerability in Gogs Self-Hosted Git Service
CVE-2024-55947

8.8HIGH

Key Information:

Vendor

Gogs

Status
Gogs
Vendor
CVE Published:
23 December 2024

What is CVE-2024-55947?

Gogs, a widely used open-source self-hosted Git service, is affected by a vulnerability that allows a malicious user to write files to arbitrary paths on the server. This unauthorized file write can enable attackers to gain SSH access, potentially compromising the entire server. It is critical for users of Gogs to upgrade to version 0.13.1 or later to mitigate this risk. For more detailed information, please refer to the official security advisory and related discussions on GitHub.

Affected Version(s)

gogs < 0.13.1

References

https://github.com/gogs/gogs/security/advisories/GHSA-qf5...
x_refsource_CONFIRM
https://github.com/gogs/gogs/issues/7582
x_refsource_MISC
https://github.com/gogs/gogs/pull/7859
x_refsource_MISC

CVSS V3.1

Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.