Soft Serve Git Server Path Traversal Vulnerability Allowing Repository Takeover

Vulnerability

A path traversal vulnerability has been identified in Soft Serve, a self-hostable Git server, prior to version 0.8.2. This vulnerability allows non-admin users to access and take over other users' repositories. A malicious user can then modify, delete, and manage these repositories as if they were an admin, without having been granted the necessary permissions. The issue has been patched in version 0.8.2.

Impact

Exploitation of this vulnerability allows non-admin users to take over and manage other users' repositories, including the ability to modify or delete them, impersonating an admin user.

Reproduction

To reproduce this vulnerability, a non-admin user creates a repository and then uses the path traversal flaw to reach another user's repository: a repository name crafted to traverse directories resolves to a repository that the user is not authorized to access.

Remediation

Users are advised to upgrade to Soft Serve version 0.8.2 or later. Single-user setups are not affected by this vulnerability.
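For operators reviewing their own Git hosting code, the following is an added example in Go (the language Soft Serve is written in) of the kind of repository-name validation that prevents this class of traversal. It is illustrative code written for this advisory, not the Soft Serve patch; the root directory `/srv/repos` and the sample names are constructed.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrInvalidRepoName is returned for any name that could escape the repository root.
var ErrInvalidRepoName = errors.New("invalid repository name")

// ResolveRepoPath maps a user-supplied repository name onto a path below root.
// Hypothetical validator for this advisory, not Soft Serve's own code. It rejects
// absolute paths, empty/"."/".." components and anything whose cleaned form would
// resolve outside root, so a name cannot select another user's repository directory.
func ResolveRepoPath(root, name string) (string, error) {
	// Normalise separators first so a backslash cannot hide a ".." component.
	name = strings.TrimSuffix(strings.ReplaceAll(name, "\\", "/"), "/")
	if name == "" || strings.HasPrefix(name, "/") || filepath.IsAbs(name) {
		return "", ErrInvalidRepoName
	}
	for _, part := range strings.Split(name, "/") {
		switch part {
		case "", ".", "..":
			return "", ErrInvalidRepoName
		}
	}
	// Defence in depth: even after the component check, confirm the joined path
	// is still strictly beneath root (filepath.Join cleans the result).
	full := filepath.Join(root, filepath.FromSlash(name))
	rel, err := filepath.Rel(root, full)
	if err != nil || rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrInvalidRepoName
	}
	return full, nil
}

func main() {
	// Constructed sample names: the first is legitimate, the rest must be rejected.
	for _, n := range []string{"alice/project", "../bob/project", "alice/../../bob/project", "/srv/repos/bob/project"} {
		p, err := ResolveRepoPath("/srv/repos", n)
		fmt.Printf("%-26q -> path=%q err=%v\n", n, p, err)
	}
}
```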

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  Category         Score
  spread           0.0
  impact           5.0
  exploitability   4.3
  remediation      8.3
  relevance        0.0
  threat           4.8
  urgency          2.9
  incentive        1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.