10

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-p69r-v3h4-rj4f

EPSS Score

CWE

CWE-88

Published

7/4/2024

Updated

12/23/2024

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

GHSA-p69r-v3h4-rj4f

GHSA-p69r-v3h4-rj4f: Duplicate Advisory: github.com/gogs/gogs affected by CVE-2024-39930

Duplicate Advisory

This advisory has been withdrawn because it is a duplicate of GHSA-vm62-9jw3-c8w3. This link is maintained to preserve external references.

Original Description

The built-in SSH server of Gogs through 0.13.0 allows argument injection in internal/ssh/ssh.go, leading to remote code execution. Authenticated attackers can exploit this by opening an SSH connection and sending a malicious --split-string env request if the built-in SSH server is activated. Windows installations are unaffected.

(GitHub Advisory)

10

CVSS Score

3.1

Basic Information

CVE ID

GHSA ID

GHSA-p69r-v3h4-rj4f

EPSS Score

CWE

CWE-88

Published

7/4/2024

Updated

12/23/2024

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
github.com/gogs/gogs	go	<= 0.13.0

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper argument handling in the SSH server's environment variable processing. The code in internal/ssh/ssh.go directly passes user-controlled input (env.Name and env.Value) to the 'env' command without proper sanitization. This allows attackers to inject the '--split-string' argument which enables command execution through argument splitting. The analysis from SonarSource explicitly identifies this code path and demonstrates how the env command's --split-string parameter can be abused for RCE. The CWE-88 classification (Argument Injection) and technical details from multiple sources confirm this assessment.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

# *upli**t* **visory T*is **visory **s ***n wit**r*wn ****us* it is * *upli**t* o* **S*-vm**-*jw*-**w*. T*is link is m*int*in** to pr*s*rv* *xt*rn*l r***r*n**s. # Ori*in*l **s*ription T** *uilt-in SS* s*rv*r o* *o*s t*rou** *.**.* *llows *r*um*nt in

Reasoning

T** vuln*r**ility st*ms *rom improp*r *r*um*nt **n*lin* in t** SS* s*rv*r's *nvironm*nt v*ri**l* pro**ssin*. T** *o** in `int*rn*l/ss*/ss*.*o` *ir**tly p*ss*s us*r-*ontroll** input (`*nv.N*m*` *n* `*nv.V*lu*`) to t** '*nv' *omm*n* wit*out prop*r s*ni

10

Basic Information

Concerned about an active attack path?

GHSA-p69r-v3h4-rj4f: Duplicate Advisory: github.com/gogs/gogs affected by CVE-2024-39930

Duplicate Advisory

Original Description

10

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI