CVE-2020-15867
Gogs Git Hooks Remote Code Execution
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges. NOTE: because this is mentioned in the documentation but not in the UI, it could be considered a "Product UI does not Warn User of Unsafe Actions" issue.
La característica de gancho git en Gogs versiones 0.5.5 hasta 0.12.2 permite la ejecución de código remoto autenticado. Puede haber una escalada de privilegios si el acceso a esta característica de gancho se concede a un usuario que no tiene privilegios administrativos. NOTA: debido a que esto se menciona en la documentación pero no en la interfaz de usuario, podría considerarse un problema de "La interfaz de usuario del producto no advierte al usuario de acciones inseguras"
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-07-21 CVE Reserved
- 2020-10-16 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-11-09 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
CAPEC
References (4)
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Gogs Search vendor "Gogs" | Gogs Search vendor "Gogs" for product "Gogs" | >= 0.5.5 <= 0.12.2 Search vendor "Gogs" for product "Gogs" and version " >= 0.5.5 <= 0.12.2" | - |
Affected
| ||||||