What is CVE-2020-14144?

CVE-2020-14144 is a vulnerability in N/a. Published 2020-10-16.

Is CVE-2020-14144 known to be exploited?

10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-14144

The git hook feature in Gitea 1.1.0 through 1.12.5 might allow for authenticated remote code execution in customer environments where the documentation was not understood (e.g., one viewpoint is that the dangerousness of this feature shoul…

EPSS: 0.935 (99.8th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

References

github.com/go-gitea/gitea/releases (x_refsource_MISC)
www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-112… (x_refsource_MISC)
github.com/go-gitea/gitea/pull/13058 (x_refsource_MISC)
docs.gitlab.com/ee/administration/server_hooks.html (x_refsource_MISC)
docs.github.com/en/enterprise-server@2.19/admin/policies/creating-a-pre-receive… (x_refsource_MISC)
packetstormsecurity.com/files/162122/Gitea-Git-Hooks-Remote-Code-Execution.html (x_refsource_MISC)
github.com/PandatiX/CVE-2021-28378 (x_refsource_MISC)
github.com/PandatiX/CVE-2021-28378 (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-14144?: CVE-2020-14144 is a vulnerability in N/a. Published 2020-10-16.
Is CVE-2020-14144 known to be exploited?: 10 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.