Platform
go
Component
gogs.io/gogs
Fixed in
0.13.2
0.13.1
CVE-2024-54148 is a critical Remote Command Execution (RCE) vulnerability discovered in gogs.io/gogs, a self-hosted Git service. This vulnerability allows an attacker to execute arbitrary commands on the server through manipulation of file editing functionality. Versions of Gogs prior to 0.13.1 are affected. A patch has been released in version 0.13.1.
The impact of CVE-2024-54148 is severe. An unauthenticated attacker can exploit this vulnerability to execute arbitrary commands on the Gogs server. This could lead to complete system compromise, including data exfiltration, malware installation, and denial of service. The attacker could potentially gain persistent access to the server and compromise other systems on the network if the Gogs server has access to internal resources. This vulnerability is particularly concerning given the potential for remote, unauthenticated exploitation.
CVE-2024-54148 was published on 2025-01-07. The vulnerability is considered highly exploitable due to its RCE nature and lack of authentication requirements. Public proof-of-concept (PoC) code is likely to emerge, increasing the risk of exploitation. The EPSS score is expected to be high, reflecting the significant risk posed by this vulnerability.
Organizations running self-hosted Gogs instances, particularly those with publicly accessible repositories or limited access controls, are at significant risk. Shared hosting environments where multiple users share a single Gogs instance are also highly vulnerable, as a compromised user account could be used to exploit this vulnerability and gain access to the entire server.
• linux / server: Monitor Gogs logs for unusual file modification patterns, especially those containing shell commands. Use journalctl -u gogs to filter for relevant events.
journalctl -u gogs | grep -i "command injection"
• go / supply-chain: Examine Gogs source code for instances of unsanitized user input used in shell commands. Review dependencies for known vulnerabilities.
• generic web: Attempt to exploit the file editing functionality by injecting shell commands into file names or content. Use curl to test endpoint exposure.
curl -X POST -d "<malicious_command>" <gogs_url>/edit/<filename>
Exploit status
EPSS
0.47% (percentile 65%)
CVSS vector
The primary mitigation for CVE-2024-54148 is to upgrade Gogs to version 0.13.1 or later. If immediate upgrading is not possible, consider restricting file editing access to trusted users only. Implement strict input validation on all file editing parameters to prevent command injection. Monitor Gogs logs for suspicious activity, particularly related to file modifications. While a WAF may offer some protection, it is not a substitute for patching the vulnerability.
Update Gogs to version 0.13.1 or later. This version fixes the path traversal vulnerability that allows malicious users to obtain SSH access to the server. The update prevents the exploitation of manipulated symlinks in repositories.
CVE-2024-54148 is a critical Remote Command Execution vulnerability in gogs.io/gogs, allowing attackers to execute commands on the server through file editing. It affects versions before 0.13.1.
Yes, if you are running gogs.io/gogs version 0.13.0 or earlier, you are vulnerable. Upgrade to 0.13.1 or later to mitigate the risk.
Upgrade gogs.io/gogs to version 0.13.1 or later. If immediate upgrade is not possible, restrict file editing access and implement strict input validation.
While no active exploitation has been publicly confirmed, the vulnerability's severity and ease of exploitation suggest it is likely to be targeted soon.
Refer to the official gogs.io/gogs security advisories on their website or GitHub repository for the latest information and updates.