SB2022032146 - Input validation error in gogs
Published: March 21, 2022 Updated: April 27, 2026
Description
This security bulletin contains information about 1 vulnerability.
1) Input validation error (CVE-ID: CVE-2022-0415)
The vulnerability allows a remote user to gain SSH access to the server.
The vulnerability exists due to improper input validation in repository file upload handling. A remote user can upload a crafted config file into the repository's .git directory to gain SSH access to the server.
Only installations with repository upload enabled are vulnerable.
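The kind of check this class of flaw calls for, shown as an added example that is not part of the bulletin and is not Gogs's own code: a hypothetical `safeUploadPath` helper that normalises a user-supplied upload path and rejects any path containing a `.git` component. It assumes the caller joins the returned relative path onto the repository work tree; the sample inputs in `main` are constructed.

```go
package main

import (
	"fmt"
	"path"
	"strings"
)

// safeUploadPath is a hypothetical helper (not from the Gogs code base). It
// normalises a user-supplied upload path and returns it only when it stays
// inside the work tree and contains no ".git" component.
func safeUploadPath(userPath string) (string, error) {
	// Treat backslashes as separators so Windows-style input is judged the same way.
	p := strings.ReplaceAll(userPath, "\\", "/")
	// Rooting the path before cleaning collapses "." and ".." and pins the result under "/".
	p = strings.TrimPrefix(path.Clean("/"+p), "/")
	if p == "" {
		return "", fmt.Errorf("empty upload path")
	}
	for _, part := range strings.Split(p, "/") {
		// Compare case-insensitively and ignore trailing dots and spaces, which
		// some file systems drop, so ".GIT" and ".git." are treated as ".git".
		name := strings.ToLower(strings.TrimRight(part, ". "))
		if name == ".git" {
			return "", fmt.Errorf("upload path %q targets repository metadata", userPath)
		}
	}
	return p, nil
}

func main() {
	// Constructed sample inputs: two ordinary uploads and three that resolve into .git.
	for _, in := range []string{"README.md", "src/.gitignore", ".git/config", "docs/../.git/config", ".GIT\\config"} {
		clean, err := safeUploadPath(in)
		fmt.Printf("%-24q -> %q, err=%v\n", in, clean, err)
	}
}
```

The check runs on the normalised path, so a `.git` component reached through `..` segments or mixed separators is rejected as well, while names such as `.gitignore` and `.github` remain allowed.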
Remediation
Install the update from the vendor's website.