| Timestamp | Users | Delta | Toots | TNR | Title | Version | maxTL |
|---|---|---|---|---|---|---|---|
| Tue 09.07.2024 00:00:03 | 7,216 | -1 | 599,665 | 83.1 | NerdCulture | 4.2.10 | 1,000 |
| Mon 08.07.2024 00:01:18 | 7,217 | 0 | 599,198 | 83.0 | NerdCulture | 4.2.10 | 1,000 |
| Sun 07.07.2024 00:00:01 | 7,217 | 0 | 598,597 | 82.9 | NerdCulture | 4.2.10 | 1,000 |
| Sat 06.07.2024 00:00:40 | 7,217 | 0 | 598,148 | 82.9 | NerdCulture | 4.2.10 | 1,000 |
| Fri 05.07.2024 00:01:08 | 7,217 | -1 | 597,685 | 82.8 | NerdCulture | 4.2.10 | 500 |
| Thu 04.07.2024 00:00:05 | 7,218 | 0 | 596,869 | 82.7 | NerdCulture | 4.2.9 | 500 |
| Wed 03.07.2024 00:02:06 | 7,218 | +2 | 596,470 | 82.6 | NerdCulture | 4.2.9 | 500 |
| Tue 02.07.2024 00:01:46 | 7,216 | 0 | 596,034 | 82.6 | NerdCulture | 4.2.9 | 500 |
| Mon 01.07.2024 00:01:27 | 7,216 | 0 | 595,653 | 82.5 | NerdCulture | 4.2.9 | 500 |
| Sun 30.06.2024 00:01:08 | 7,216 | 0 | 595,129 | 82.5 | NerdCulture | 4.2.9 | 500 |

Olly 👾 (@Olly42) · 01/2024 · Toots: 228 · Followers: 23
Tue 09.07.2024 14:33
Critical unpatched Flaws disclosed in popular Gogs Open-Source Git Service.
Four unpatched security flaws, including three critical ones, have been disclosed in the Gogs self-hosted Git service that could enable an authenticated attacker to breach susceptible instances, steal or wipe source code and even plant backdoors.
https://www.sonarsource.com/blog/securing-developer-tools-unpatched-code-vulnerabilities-in-gogs-1/
#gogs #opensource #git #programming #it #security #tech #engineer #news
• CVE-2024-39930 (CVSS score: 9.9) - Argument injection in the built-in SSH server
• CVE-2024-39931 (CVSS score: 9.9) - Deletion of internal files
• CVE-2024-39932 (CVSS score: 9.9) - Argument injection during changes preview
• CVE-2024-39933 (CVSS score: 7.7) - Argument injection when tagging new releases

Successful exploitation of the first three shortcomings could permit an attacker to execute arbitrary commands on the Gogs server, while the fourth flaw allows attackers to read arbitrary files such as source code and configuration secrets.

[ImageSource: sonarsource.com]

According to data available on Shodan, around 7,300 Gogs instances are publicly accessible over the internet, with nearly 60% of them located in China, followed by the U.S., Germany, Russia, and Hong Kong.