PT-2023-9826 · Gogs+1

Manassehzhou · Published 2023-10-27 · Updated 2025-12-15 · CVE-2024-54148

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Gogs versions prior to 0.13.1

Description

The issue is related to errors in how the Gogs self-hosted Git service handles symbolic links. A malicious user can commit and edit a crafted symlink file in a repository, allowing them to gain SSH access to the server.

Recommendations

For versions prior to 0.13.1, upgrade to version 0.13.1 or later to protect the server. As a temporary workaround on affected versions, consider restricting access to the Gogs instance to trusted users only.

Exploit

Fix

Path traversal

RCE

Weakness Enumeration

Related Identifiers

BDU:2025-00102
CVE-2024-54148
GHSA-R7J8-5H9C-F6FX
GO-2024-3355
OPENSUSE-SU-2025:14624-1
OPENSUSE-SU-2025_0060-1
SUSE-SU-2025:0060-1

Affected Products

Gogs
Suse