CVE-2024-56731
BaseFortify
Publication date: 2025-06-24
Last updated on: 2025-08-21
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| gogs | gogs | to 0.13.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-552 | The product makes files or directories accessible to unauthorized actors, even though they should not be. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2024-56731 is a critical vulnerability in the Gogs Git service (versions up to 0.13.2) that allows remote command execution. The issue arises because the patch for a previous vulnerability (CVE-2024-39931) was insufficient: it only checked if a file path directly targeted the .git directory but did not account for symbolic links pointing to .git. Attackers can exploit this by creating symbolic links to the .git directory, enabling them to delete arbitrary internal files within .git and execute arbitrary commands remotely on the Gogs instance with the privileges of the configured RUN_USER. This can compromise all user code hosted on the instance. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts as it allows unprivileged users to execute arbitrary commands remotely on the Gogs server with the privileges of the RUN_USER account. This can lead to full compromise of the Gogs instance, including unauthorized access to and alteration of all users' code hosted on the same instance. The vulnerability has a critical CVSS score of 10.0, indicating high impact on confidentiality, integrity, and availability. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
To detect this vulnerability, you can check the version of your Gogs instance to see if it is version 0.13.2 or earlier, as these versions are affected. Additionally, monitoring for unusual file deletion attempts or symbolic link creations targeting the .git directory could indicate exploitation attempts. Specific commands might include checking the Gogs version via its API or inspecting the running service version. For example, you could use: `curl -s http://<gogs-server>/api/v1/version` or check the installed package version. Also, scanning logs for deletion requests targeting .git paths or symbolic link creations could help detect exploitation attempts. However, no explicit detection commands are provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade your Gogs instance to version 0.13.3 or later, where this vulnerability has been patched by preventing previewing and deleting files within the .git directory, including handling symbolic links properly. If upgrading immediately is not possible, restrict unprivileged user access to the Gogs instance and monitor for suspicious activity involving .git directory file operations. Applying the patch that modifies the repository management functions to block operations on .git paths is essential to prevent exploitation. [2, 3]