Skip to content

PoC for Sourcegraph Gitserver < 3.37.0 RCE (CVE-2022-23642)

Notifications You must be signed in to change notification settings

nikancangtianraoguoshui/CVE-2022-23642

 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
 
 
 
 
 
 

Repository files navigation

PoC for Sourcegraph Gitserver < 3.37.0 RCE (CVE-2022-23642)

Sourcegraph prior to 3.37.0 has a remote code execution vulnerability on its gitserver service. This is due to lack of restriction on git config execution thus "core.sshCommand" can be passed on the HTTP arguments which can contain arbitrary bash commands. Note that this is only possible if gitserver is exposed to the attacker. This is tested on Sourcegraph 3.36.3

Setup for testing docker

A Sourcegraph docker container version 3.63.3 has been used for the testing. The gitserver port 3178 has also been exposed

Exploitation parameters:

  • Exposed Sourcegraph gitserver
  • Existing repo on sourcegraph

POC

gif

References:

About

PoC for Sourcegraph Gitserver < 3.37.0 RCE (CVE-2022-23642)

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published

Languages

  • Python 100.0%