mastodonien.de

nerdculture.de

Timestamp              Users     Delta   Toots        TNR     Title                     Version  maxTL
Tue 09.07.2024 00:00:03    7.216      -1      599.665    83,1 NerdCulture               4.2.10   1.000
Mon 08.07.2024 00:01:18    7.217       0      599.198    83,0 NerdCulture               4.2.10   1.000
Sun 07.07.2024 00:00:01    7.217       0      598.597    82,9 NerdCulture               4.2.10   1.000
Sat 06.07.2024 00:00:40    7.217       0      598.148    82,9 NerdCulture               4.2.10   1.000
Fri 05.07.2024 00:01:08    7.217      -1      597.685    82,8 NerdCulture               4.2.10     500
Thu 04.07.2024 00:00:05    7.218       0      596.869    82,7 NerdCulture               4.2.9      500
Wed 03.07.2024 00:02:06    7.218      +2      596.470    82,6 NerdCulture               4.2.9      500
Tue 02.07.2024 00:01:46    7.216       0      596.034    82,6 NerdCulture               4.2.9      500
Mon 01.07.2024 00:01:27    7.216       0      595.653    82,5 NerdCulture               4.2.9      500
Sun 30.06.2024 00:01:08    7.216       0      595.129    82,5 NerdCulture               4.2.9      500

Tue 09.07.2024 14:33

Critical unpatched Flaws disclosed in popular Gogs Open-Source Git Service.

Four unpatched security flaws, including three critical ones, have been disclosed in the Gogs self-hosted Git service that could enable an authenticated attacker to breach susceptible instances, steal or wipe source code, and even plant backdoors.

sonarsource.com/blog/securing-

• CVE-2024-39930 (CVSS score: 9.9) - Argument injection in the built-in SSH server
• CVE-2024-39931 (CVSS score: 9.9) - Deletion of internal files
• CVE-2024-39932 (CVSS score: 9.9) - Argument injection during changes preview
• CVE-2024-39933 (CVSS score: 7.7) - Argument injection when tagging new releases

Successful exploitation of the first three shortcomings could permit an attacker to execute arbitrary commands on the Gogs server, while the fourth flaw allows attackers to read arbitrary files such as source code and configuration secrets.

[ImageSource: sonarsource.com]

According to data available on Shodan, around 7,300 Gogs instances are publicly accessible over the internet, with nearly 60% of them located in China, followed by the U.S., Germany, Russia, and Hong Kong.
