HomeCyber BalkansGogs Vulnerabilities Allow Attackers to Hack Instances and Steal Source Code

Gogs Vulnerabilities Allow Attackers to Hack Instances and Steal Source Code

Published on

spot_img

The cybersecurity researchers at SonarSource recently uncovered several vulnerabilities in the popular open-source code hosting system, Gogs. These vulnerabilities could potentially lead to source code theft, backdoor implantation, and code removal, putting Gogs instances at risk.

Despite Gogs’ widespread use and popularity, with over 44,000 GitHub stars and 90 million Docker image downloads, these vulnerabilities remain unpatched. This discovery underscores the importance of securing development tools and self-hosted code repositories to prevent cyber attacks.

One of the critical vulnerabilities found in Gogs is an Argument Injection Vulnerability in the built-in SSH server. This flaw allows authenticated attackers to execute commands on the server by exploiting the ‘–split-string’ option in the ‘env’ command, bypassing security measures. Even in the latest Gogs release (0.13.0), this vulnerability remains unaddressed.

According to the SonarSource report, approximately 7,300 open Gogs instances on Shodan are susceptible to this security issue. This poses a significant risk to the source code integrity and server protection of organizations relying on Gogs for code hosting.

To exploit the Gogs SSH server vulnerability, three conditions must be met: the SSH server must be enabled, an authentic SSH key is required, and a version compatible with “env -–split-string” must be used. Exploitable setups typically utilize GNU core-utils in Ubuntu or Debian, while Alpine Linux-based Docker images and Windows installations are not affected.

Attackers can create accounts and add SSH keys if registration is enabled, making it essential for admins to check their SSH settings in the admin panel. Maintainers of Gogs had initially accepted vulnerability reports but ceased communication and left all four reported issues unpatched in the latest version. As a result, users are advised to implement their own mitigations to safeguard their installations.

Security analysts have provided several recommendations and mitigations to address these vulnerabilities, including disabling the built-in SSH server, disabling user registration, and considering a switch to Gitea. It is crucial for users to take proactive steps to protect their systems and prevent potential security breaches.

In conclusion, the discovery of vulnerabilities in Gogs highlights the ongoing challenge of securing development tools and self-hosted code repositories. As cyber threats continue to evolve, it is essential for organizations to prioritize cybersecurity measures and address vulnerabilities promptly to safeguard their sensitive information and infrastructure.

Source link

Latest articles

AI Bug-Finding Tools Require Human Validation

The Role of AI in Offensive Security: Balancing Speed with Human Insight In an evolving...

AWS Billing Bug Shows Trillion-Dollar Cost Estimates to Cloud Customers

Amazon Web Services Faces Major Billing Anomaly in Cost Explorer Tool Amazon Web Services (AWS)...

Scammers Exploit FaceTime for Social Engineering Tactics

Apple Warns Users About Social Engineering Scams Targeting FaceTime Apple Inc. has made a significant...

Hackers Compromise IIS Server and Launch Ransomware Attack Within 24 Hours

--- In June 2026, cybersecurity experts uncovered a coordinated and sophisticated cyber intrusion that began...

More like this

AI Bug-Finding Tools Require Human Validation

The Role of AI in Offensive Security: Balancing Speed with Human Insight In an evolving...

AWS Billing Bug Shows Trillion-Dollar Cost Estimates to Cloud Customers

Amazon Web Services Faces Major Billing Anomaly in Cost Explorer Tool Amazon Web Services (AWS)...

Scammers Exploit FaceTime for Social Engineering Tactics

Apple Warns Users About Social Engineering Scams Targeting FaceTime Apple Inc. has made a significant...