Vulnerability Details : CVE-2021-32546

Missing input validation in internal/db/repo_editor.go in Gogs before 0.12.8 allows an attacker to execute code remotely. An unprivileged attacker (registered user) can overwrite the Git configuration in his repository. This leads to Remote Command Execution, because that configuration can contain an option such as sshCommand, which is executed when a master branch is a remote branch (using an ssh:// URI). The remote branch can also be configured by editing the Git configuration file. One can create a new file in a new repository, using the GUI, with "\" as its name, and then rename this file to .git/config with the custom configuration content (and then save it).

Vulnerability category: Execute code

Published 2022-06-02 14:15:29

Updated 2022-06-09 14:49:48

Source MITRE

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-32546

Probability of exploitation activity in the next 30 days: 0.23%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 60 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-32546

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Source
6.5	MEDIUM	AV:N/AC:L/Au:S/C:P/I:P/A:P	8.0	6.4	[email protected]
Access Vector: Network Access Complexity: Low Authentication: Single Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	[email protected]
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

References for CVE-2021-32546

https://github.com/gogs/gogs/releases

Release Notes;Third Party Advisory
https://github.com/gogs/gogs/security/advisories/GHSA-56j7-2pm8-rgmx

Issue Tracking;Third Party Advisory

Products affected by CVE-2021-32546

Gogs » Gogs
Versions before (<) 0.12.8
cpe:2.3:a:gogs:gogs:*:*:*:*:*:*:*:*
Matching versions