
CVE-2022-23642 PoC — Code Injection in Sourcegraph

Source
Associated Vulnerability
Title: Code Injection in Sourcegraph (CVE-2022-23642)
Description: Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the `gitserver` service. The service acts as a git exec proxy, and fails to properly restrict calling `git config`. This allows an attacker to set the git `core.sshCommand` option, which sets git to use the specified command instead of ssh when they need to connect to a remote system. Exploitation of this vulnerability depends on how Sourcegraph is deployed. An attacker able to make HTTP requests to internal services like gitserver is able to exploit it. This issue is patched in Sourcegraph version 3.37. As a workaround, ensure that requests to gitserver are properly protected.
Description
PoC for Sourcegraph Gitserver < 3.37.0 RCE (CVE-2022-23642)
Readme
# PoC for Sourcegraph Gitserver < 3.37.0 RCE (CVE-2022-23642)

Sourcegraph prior to 3.37.0 has a remote code execution vulnerability in its gitserver service. The service does not restrict execution of `git config`, so the `core.sshCommand` option can be set through the HTTP request arguments, and its value may contain arbitrary shell commands that git later runs in place of ssh. Note that this is only possible if gitserver is exposed to the attacker. This was tested on [Sourcegraph 3.36.3](https://github.com/sourcegraph/sourcegraph/releases/tag/v3.36.3).
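As an added illustration of the mitigation side, this is a hypothetical argument validator for a git exec proxy written for this page in Go; it is not part of this PoC and not Sourcegraph's own fix. It allowlists subcommands, so `config` is refused outright, and rejects the `-c` and `--config-env` global options, which would otherwise let a single invocation override `core.sshCommand` without touching the repository config.

```go
package main

import (
	"fmt"
	"strings"
)

// Allowlist of subcommands a read-only git exec proxy should serve
// (constructed for this example). "config" is deliberately absent:
// letting a remote caller run it is how core.sshCommand gets set.
var allowedSubcommands = map[string]bool{
	"rev-parse": true, "log": true, "show": true, "ls-tree": true,
	"cat-file": true, "diff": true, "rev-list": true, "ls-files": true,
}

// ValidateGitArgs checks an argument vector (without the leading "git")
// before it is handed to exec. It returns nil only when every global
// option is harmless and the subcommand is allowlisted.
func ValidateGitArgs(args []string) error {
	for i, a := range args {
		if !strings.HasPrefix(a, "-") {
			// The first non-option token is the subcommand.
			if !allowedSubcommands[a] {
				return fmt.Errorf("subcommand %q is not allowed", a)
			}
			return nil
		}
		// Tokens before the subcommand are git's global options.
		// "-c key=value" and "--config-env=key=ENV" override config for
		// this one run, so any token starting with them is refused.
		// (A "-c" after the subcommand belongs to that subcommand and is fine.)
		if strings.HasPrefix(a, "-c") || strings.HasPrefix(a, "--config-env") {
			return fmt.Errorf("config override at argv[%d] (%q) is not allowed", i, a)
		}
	}
	return fmt.Errorf("no subcommand given")
}

func main() {
	// Constructed sample argument vectors: one legitimate, two that must fail.
	for _, argv := range [][]string{
		{"rev-parse", "HEAD"},
		{"config", "core.sshCommand", "example"},
		{"-c", "core.sshCommand=example", "fetch"},
	} {
		fmt.Printf("%v -> %v\n", argv, ValidateGitArgs(argv))
	}
}
```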

## Setup for testing (Docker)

A Sourcegraph Docker container, version 3.36.3, was used for testing, with the gitserver port 3178 also exposed.

## Exploitation parameters:
- An exposed Sourcegraph gitserver
- An existing repository on Sourcegraph

## POC

![gif](CVE-2022-23642.gif)


## References:
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23642
- https://github.com/sourcegraph/sourcegraph
File Snapshot

[4.0K] /data/pocs/f4586acfc042bfef957ba96b6a65ca8f1d6ef211
├── [411K] CVE-2022-23642.gif
├── [1.4K] exploit.py
└── [ 903] README.md

0 directories, 3 files