Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1.
Metrics
Affected Vendors & Products
References
History
Mon, 23 Dec 2024 15:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Gogs is an open source self-hosted Git service. A malicious user is able to commit and edit a crafted symlink file to a repository to gain SSH access to the server. The vulnerability is fixed in 0.13.1. | |
Title | Gogs has a Path Traversal in file editing UI | |
Weaknesses | CWE-22 CWE-61 |
|
References |
| |
Metrics |
cvssV4_0
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-23T15:22:48.244Z
Updated: 2024-12-23T15:22:48.244Z
Reserved: 2024-11-29T18:02:16.756Z
Link: CVE-2024-54148
Vulnrichment
No data.
NVD
Status : Received
Published: 2024-12-23T16:15:07.010
Modified: 2024-12-23T16:15:07.010
Link: CVE-2024-54148
Redhat
No data.