{"uuid": "112a7c36-bad9-4953-a5c2-2e49b24449ec", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2022-23642", "type": "published-proof-of-concept", "source": "https://t.me/crackcodes/685", "content": "CVE-2022-23642\n\nPoC for Sourcegraph Gitserver 3.37.0 RCE\n\nSourcegraph prior to 3.37.0 has a remote code execution vulnerability on its gitserver service. This is due to lack of restriction on git config execution thus \"core.sshCommand\" can be passed on the HTTP arguments which can contain arbitrary bash commands. Note that this is only possible if gitserver is exposed to the attacker.\n\nhttps://github.com/Altelus1/CVE-2022-23642\n\nResearch:\nhttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-23642\n\n#exploit #cve", "creation_timestamp": "2022-06-13T03:16:30.000000Z"}