CVSSv3: 8.8

CVE-2022-23642

Published: 18/02/2022 Updated: 27/06/2023
CVSS v2 Base Score: 6 | Impact Score: 6.4 | Exploitability Score: 6.8
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 534
CVSS v2 Vector: AV:N/AC:M/Au:S/C:P/I:P/A:P

Vulnerability Summary

Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the `gitserver` service. The service acts as a git exec proxy and fails to properly restrict calls to `git config`. This allows a malicious user to set the git `core.sshCommand` option, which makes git use the specified command instead of ssh when it needs to connect to a remote system. Exploitation of this vulnerability depends on how Sourcegraph is deployed: an attacker able to make HTTP requests to internal services like gitserver is able to exploit it. This issue is patched in Sourcegraph version 3.37. As a workaround, ensure that requests to gitserver are properly protected.

Vulnerable Products

sourcegraph / sourcegraph (vendor / product)

Exploits

Sourcegraph Gitserver version 3.36.3 suffers from a remote code execution vulnerability ...
A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to execute arbitrary OS commands by modifying the `core.sshCommand` value within the git configuration. This command can then be triggered on demand by executing a git push operation. The vulnerability was patched by introducing a feature flag in version 3.3...

Github Repositories

PoC for Sourcegraph Gitserver < 3.37.0 RCE (CVE-2022-23642)

PoC for Sourcegraph Gitserver < 3.37.0 RCE (CVE-2022-23642). Sourcegraph prior to 3.37.0 has a remote code execution vulnerability in its gitserver service. This is due to a lack of restriction on `git config` execution, thus "core.sshCommand" can be passed in the HTTP arguments, which can contain arbitrary bash commands. Note that this is only possible if gitserver i