CVE-2020-14144

Gitea Git Hooks Remote Code Execution

Severity Score

7.2

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states "This is a functionality of the software that is limited to a very limited subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides.

** EN DISPUTA ** La funcionalidad git hook en Gitea versiones 1.1.0 hasta 1.12.5 podría permitir la ejecución de código remoto autenticado en entornos de clientes donde la documentación no fue entendida (por ejemplo, un punto de vista es que la peligrosidad de esta característica debería ser documentada inmediatamente encima de la línea ENABLE_GIT_HOOKS en el archivo de configuración). NOTA: El proveedor ha indicado que no se trata de una vulnerabilidad y afirma: "Se trata de una funcionalidad del software que se limita a un subconjunto muy limitado de cuentas". Si le das a alguien el privilegio de ejecutar un código arbitrario en tu servidor, puede ejecutar un código arbitrario en tu servidor. Proporcionamos advertencias muy claras a los usuarios sobre esta funcionalidad y lo que proporciona.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

Single

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2020-06-15 CVE Reserved
2020-10-16 CVE Published
2022-05-03 First Exploit
2024-08-04 CVE Updated
2024-10-23 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CAPEC

References (11)

URL	Tag	Source
https://docs.github.com/en/enterprise-server%402.19/admin/policies/creating-a-pre-receive-hook-script	X_refsource_misc
https://docs.gitlab.com/ee/administration/server_hooks.html	Third Party Advisory
https://github.com/go-gitea/gitea/pull/13058	Third Party Advisory
https://github.com/go-gitea/gitea/releases	Release Notes
https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-1125-und-gogs-0122-ermoeglicht-ausfuehrung-von-code-nach-authent	Third Party Advisory
https://podalirius.net/articles/exploiting-cve-2020-14144-gitea-authenticated-remote-code-execution
https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-1126-und-gogs-0122-ermoeglicht-ausfuehrung-von-code-nach-authent

URL	Date	SRC
https://github.com/p0dalirius/CVE-2020-14144-GiTea-git-hooks-rce	2022-05-03
http://packetstormsecurity.com/files/162122/Gitea-Git-Hooks-Remote-Code-Execution.html	2024-08-04
https://github.com/PandatiX/CVE-2021-28378	2024-08-04
https://github.com/PandatiX/CVE-2021-28378#notes	2024-08-04

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Gitea Search vendor "Gitea"		Gitea Search vendor "Gitea" for product "Gitea"				>= 1.1.0 <= 1.12.5 Search vendor "Gitea" for product "Gitea" and version " >= 1.1.0 <= 1.12.5"		-		Affected