What is CVE-2020-15867?

CVE-2020-15867 is a vulnerability in N/a. Published 2020-10-16.

Is CVE-2020-15867 known to be exploited?

4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in N/a

CVE-2020-15867

The git hook feature in Gogs 0.5.5 through 0.12.2 allows for authenticated remote code execution. There can be a privilege escalation if access to this hook feature is granted to a user who does not have administrative privileges. NOTE: be…

EPSS: 0.915 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a — versions n/a

Public proof-of-concept exploits

rapid7/metasploit-framework
ARPSyndicate/cvemon
EdgeSecurityTeam/Vulnerability
tzwlhack/Vulnerability

References

www.fzi.de/en/news/news/detail-en/artikel/fsa-2020-3-schwachstelle-in-gitea-112… (x_refsource_MISC)
packetstormsecurity.com/files/162123/Gogs-Git-Hooks-Remote-Code-Execution.html (x_refsource_MISC)

Frequently asked questions

What is CVE-2020-15867?: CVE-2020-15867 is a vulnerability in N/a. Published 2020-10-16.
Is CVE-2020-15867 known to be exploited?: 4 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.