CVE-2025-22130

Medium CVSS: 5.3

Soft Serve is a self-hostable Git server for the command line. Prior to 0.8.2 , a path traversal attack allows existing non-admin users to access and take over other user's repositories. A malicious user then can modify, delete, and arbitrarily repositories as if they were an admin user without explicitly giving them permissions. This is patched in v0.8.2.

Vendor

Charm

Product

Soft Serve

CWE

CWE-22

Yayın Tarihi

2025-01-08 16:15:38

Güncelleme

2025-11-06 22:04:32

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-22 Soft Serve MEDIUM Charm 2025

Referanslar

https://github.com/charmbracelet/soft-serve/commit/a8d1bf3f9349c138383b65079b7b8ad97fff78f4 https://github.com/charmbracelet/soft-serve/releases/tag/v0.8.2 https://github.com/charmbracelet/soft-serve/security/advisories/GHSA-j4jw-m6xr-fv6c

Benzer Kayıtlar

High

CVE-2026-33353

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.6, an authoriza…

Critical

CVE-2026-30832

Soft Serve is a self-hostable Git server for the command line. From version 0.6.0 to before version 0.11.4, an authentic…

High

CVE-2026-24058

Soft Serve is a self-hostable Git server for the command line. Versions 0.11.2 and below have a critical authentication…

Medium

CVE-2026-22253

Soft Serve is a self-hostable Git server for the command line. Prior to version 0.11.2, an authorization bypass in the L…

Critical

CVE-2025-64522

Soft Serve is a self-hostable Git server for the command line. Versions prior to 0.11.1 have a SSRF vulnerability where…