Charm

Soft Serve

5 vulnerabilities found.

Note: This list may be incomplete. Data is provided without warranty, in its original format.
  • EPSS 0.05%
  • Published 22.01.2026 22:16:21
  • Last modified 18.02.2026 14:49:33

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication bypass vulnerability that allows an attacker to impersonate any user (including admin) by "offering" the victim's public key durin...

Exploit
  • EPSS 0.02%
  • Published 08.01.2026 18:39:57
  • Last modified 02.02.2026 17:09:22

Soft Serve is a self-hostable Git server for the command line. Prior to version 0.11.2, an authorization bypass in the LFS lock deletion endpoint allows any authenticated user with repository write access to delete locks owned by other users by setti...

Exploit
  • EPSS 0.05%
  • Published 10.11.2025 22:11:18
  • Last modified 31.12.2025 17:54:07

Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where webhook URLs are not validated, allowing repository administrators to create webhooks targeting internal services, private network...

  • EPSS 0.42%
  • Published 08.01.2025 16:15:38
  • Last modified 06.11.2025 22:04:32

Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2, a path traversal attack allows existing non-admin users to access and take over other users' repositories. A malicious user then can modify, delete, and arbitrarily repos...

Exploit
  • EPSS 0.18%
  • Published 04.10.2023 21:15:10
  • Last modified 21.11.2024 08:24:49

Soft Serve is a self-hostable Git server for the command line. Prior to version 0.6.2, a security vulnerability in Soft Serve could allow an unauthenticated, remote attacker to bypass public key authentication when keyboard-interactive SSH authentica...