By ‘Git instances’ they mean Gogs instances that allow open registration. I know most of the community moved from Gogs to Gitea, and then to Forgejo, but thought this was still worth noting.
You must log in or # to comment.
Here are the steps:
- The attacker creates a standard Git repository.
- They commit a single symbolic link pointing to a sensitive target.
- Using the PutContents API, they write data to the symlink. The system follows the link and overwrites the target file outside the repository.
- By overwriting .git/config (specifically the sshCommand), the attacker can force the system to execute arbitrary commands–
amazing.