Soft Serve Git Server Arbitrary File Write Vulnerability via SSH API
Vulnerability
A vulnerability in Soft Serve, a self-hostable Git server, allows attackers to create or overwrite arbitrary files with uncontrolled data through its SSH API. This issue affects versions of Soft Serve through 0.9.1 and has been patched in version 0.10.0.
Impact
Exploitation of this vulnerability allows for arbitrary file creation or modification, potentially leading to unauthorized data manipulation or execution of malicious scripts, depending on the file's nature and location.
Reproduction
To reproduce this vulnerability, deploy an instance of Soft Serve version 0.9.1 or earlier. Once the server is running, use an SSH command to commit a file to a repository while specifying an output file path that points to a writable location, such as the /tmp directory. The command will create a file in the specified location, demonstrating the arbitrary file write capability.
Remediation
Users can upgrade to Soft Serve version 0.10.0 to address this vulnerability.
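The root cause described above is that a client-supplied output path is honoured as given, so a caller can point it at any writable location such as /tmp. The following Go function is an added illustration of the confinement check a Git server should apply to such a path before writing; it is not Soft Serve's own code and is not the actual 0.10.0 patch. The base directory, function name and sample paths are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideBase is returned when a requested output path would escape the
// directory the server is allowed to write into.
var ErrOutsideBase = errors.New("output path escapes the allowed base directory")

// ConfineOutputPath takes a client-supplied output path and returns an
// absolute path that is guaranteed to sit inside baseDir. It rejects empty
// names, absolute paths and ".." traversal. The check is lexical: it does not
// follow symlinks that may already exist under baseDir (see the note below).
// Hypothetical helper written for this example, not part of Soft Serve.
func ConfineOutputPath(baseDir, requested string) (string, error) {
	if requested == "" {
		return "", errors.New("empty output path")
	}
	// Never accept an absolute path from the client: honouring it is exactly
	// what lets a caller name any writable location on disk, e.g. under /tmp.
	if filepath.IsAbs(requested) {
		return "", ErrOutsideBase
	}
	base, err := filepath.Abs(baseDir)
	if err != nil {
		return "", err
	}
	// Clean collapses "." and ".." segments before joining, so the candidate
	// is the path that would actually be opened.
	candidate := filepath.Join(base, filepath.Clean(requested))
	// Rel yields ".." or a path starting with "../" when candidate lies
	// outside base; anything else is inside (or equal to) base.
	rel, err := filepath.Rel(base, candidate)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideBase
	}
	return candidate, nil
}

func main() {
	// Constructed sample inputs: one legitimate repo-relative path, one
	// absolute path into /tmp, one traversal attempt.
	base := "/srv/git/repos/example" // assumed location, not a Soft Serve path
	for _, req := range []string{"docs/README.md", "/tmp/out.txt", "../../out.txt"} {
		p, err := ConfineOutputPath(base, req)
		if err != nil {
			fmt.Printf("reject %q: %v\n", req, err)
			continue
		}
		fmt.Printf("accept %q -> %s\n", req, p)
	}
}
```

A lexical check like this is sufficient against the absolute-path and ".." cases the advisory describes, but on a server where clients can also create symlinks inside the repository tree it should be paired with a filesystem-level check (for example, resolving the parent directory with filepath.EvalSymlinks before the write) so that a link pointing out of the base directory is also refused.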
