Update Gitea Git hooks RCE check method #15730
cc @cdelafuente-r7 🕵️
Before:
After with patch applied:
And just to show this still works for exploitation purposes I logged in with admin credentials and disabled the AutoCheck check so that the exploit would run without raising an error:
For reference the version I tested that on was the earliest they had available, version 1.0.0. In case that helps at all.
Release NotesThe |
Older versions of Gitea have a different version message than is currently supported:
![image](https://user-images.githubusercontent.com/60357436/135545472-bbbe019d-343c-4019-b695-dedc2ca4337e.png)
The wording was changed here: go-gitea/gitea#9600
Before
When running the check method against a valid Gitea target, the 'Unsupported' check code is returned, which means the module doesn't support the check method - which is incorrect. Additionally, it doesn't identify the correct version of Gitea:
After
Gitea is detected, and a check code which details the unknown version is returned:
It's worth noting that this change doesn't support non-English versions of Gitea.
Verification
Run an older version of Gitea, and replicate the testing steps here: #14978