Vulnerability Details : CVE-2020-14144
Public exploit exists!
The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature should be documented immediately above the ENABLE_GIT_HOOKS line in the config file). NOTE: The vendor has indicated this is not a vulnerability and states "This is a functionality of the software that is limited to a very limited subset of accounts. If you give someone the privilege to execute arbitrary code on your server, they can execute arbitrary code on your server. We provide very clear warnings to users around this functionality and what it provides.
Vulnerability category: Execute code
Products affected by CVE-2020-14144
- cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2020-14144
93.42%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 100 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2020-14144
-
Gitea Git Hooks Remote Code Execution
Disclosure Date: 2020-10-07First seen: 2021-04-07exploit/multi/http/gitea_git_hooks_rceThis module leverages an insecure setting to get remote code execution on the target OS in the context of the user running Gitea. This is possible when the current user is allowed to create `git hooks`, which is the default for administrative users. For
CVSS scores for CVE-2020-14144
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
|
7.2
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
1.2
|
5.9
|
NIST |
CWE ids for CVE-2020-14144
-
The product constructs all or part of an OS command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended OS command when it is sent to a downstream component.Assigned by: nvd@nist.gov (Primary)
References for CVE-2020-14144
-
https://github.com/PandatiX/CVE-2021-28378#notes
GitHub - pandatix/CVE-2021-28378Exploit;Third Party Advisory
-
https://www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-1125-und-gogs-0122-ermoeglicht-ausfuehrung-von-code-nach-authent/
Detail en : FZI Forschungszentrum InformatikThird Party Advisory
-
https://docs.github.com/en/enterprise-server@2.19/admin/policies/creating-a-pre-receive-hook-script
Creating a pre-receive hook script - GitHub DocsThird Party Advisory
-
https://github.com/PandatiX/CVE-2021-28378
GitHub - PandatiX/CVE-2021-28378Exploit;Third Party Advisory
-
https://docs.gitlab.com/ee/administration/server_hooks.html
Server hooks | GitLabThird Party Advisory
-
https://github.com/go-gitea/gitea/pull/13058
Mitigate Security vulnerability in the git hook feature by Niklas974 · Pull Request #13058 · go-gitea/gitea · GitHubThird Party Advisory
-
https://github.com/go-gitea/gitea/releases
Releases · go-gitea/gitea · GitHubRelease Notes;Third Party Advisory
-
http://packetstormsecurity.com/files/162122/Gitea-Git-Hooks-Remote-Code-Execution.html
Gitea Git Hooks Remote Code Execution ≈ Packet StormExploit;Third Party Advisory;VDB Entry
-
https://docs.github.com/en/enterprise-server%402.19/admin/policies/creating-a-pre-receive-hook-script
Creating a pre-receive hook script - GitHub Docs
Jump to