Summary: CISA has added a path traversal vulnerability in the Gogs self-hosted Git service to its Known Exploited Vulnerabilities (KEV) catalog. The flaw lets an attacker who can log in to Gogs (on instances with open registration, that is anyone who registers) use a symbolic link to escape the repository directory and reach files elsewhere on the host; because a repository's own hook scripts are among the reachable targets, it is treated as a remote code execution path, not just a file-read bug. A KEV listing means CISA has evidence of exploitation in the wild; the activity is reportedly being used by ransomware groups to steal source code before encrypting development servers.
Business Impact: For your development-heavy clients, this is a “Day 0” priority. If they use Gogs for self-hosted version control, their entire intellectual property (IP) is at risk, and the server itself becomes a foothold into the build and deployment pipeline. Attackers targeting these systems are after not only the code but the private keys, deploy tokens and credentials that routinely end up committed alongside it.
Why It Happened: Gogs checked user-supplied file paths lexically (blocking “..” style traversal) but did not refuse symbolic links inside the repository, so a link committed by the attacker caused the repository file-editing functionality to follow it out of the repository directory. Ransomware actors have added this to their automated scanning kits because many self-hosted Git servers sit on the public internet, allow open registration, and are infrequently patched.
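To make the failure mode concrete, here is an added illustration in Go (Gogs’ own language) that is not Gogs’ code and not part of the original briefing: naiveJoin is the weak pattern (lexical cleaning plus a string-prefix check, which “..” cannot beat but a symlink can), and safeJoin is the hardened form, which rejects absolute and “..” paths, refuses anything under .git, and walks the path with Lstat so a symlink anywhere in the chain is refused rather than followed. Demo builds a constructed repository in a temporary directory with a symlink pointing outside it and shows that a write through the naive path lands outside the repository while the hardened path is rejected. All directory names and the secret.txt target are assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// ErrEscapesRoot: the user-supplied path would land outside the repository
// root, via an absolute path, "..", a symlink, or the protected .git directory.
var ErrEscapesRoot = errors.New("path escapes repository root")

// naiveJoin is the vulnerable pattern (illustrative, not Gogs' code). It joins
// and lexically cleans the path, then checks the string prefix. ".." is caught,
// but a symlink committed inside the repo is not, so a later os.WriteFile or
// os.Remove on the returned path follows the link out of the repository.
func naiveJoin(root, userPath string) (string, error) {
	p := filepath.Join(root, userPath)
	if !strings.HasPrefix(p, filepath.Clean(root)+string(filepath.Separator)) {
		return "", ErrEscapesRoot
	}
	return p, nil
}

// safeJoin rejects absolute and ".." paths, refuses anything under .git
// (hooks there execute as the server account), and checks every component
// with Lstat so a symlink anywhere in the chain is refused, not followed.
func safeJoin(root, userPath string) (string, error) {
	cleaned := filepath.Clean(userPath)
	sep := string(filepath.Separator)
	if filepath.IsAbs(cleaned) || cleaned == ".." || strings.HasPrefix(cleaned, ".."+sep) {
		return "", ErrEscapesRoot
	}
	parts := strings.Split(cleaned, sep)
	if parts[0] == ".git" {
		return "", ErrEscapesRoot
	}
	realRoot, err := filepath.EvalSymlinks(root) // canonical root, so the result is a real path
	if err != nil {
		return "", err
	}
	cur := realRoot
	for _, part := range parts {
		if part == "." {
			continue
		}
		cur = filepath.Join(cur, part)
		fi, err := os.Lstat(cur)
		if errors.Is(err, os.ErrNotExist) {
			continue // not created yet: nothing here to follow
		}
		if err != nil {
			return "", err
		}
		if fi.Mode()&os.ModeSymlink != 0 {
			return "", ErrEscapesRoot
		}
	}
	return cur, nil
}

// Demo builds a constructed scenario in a temp dir: repo/link -> outside.
// It asks both joiners for "link/secret.txt", writes through the naive one,
// and returns whether that write landed outside the repo root together with
// the error safeJoin produced for the same path.
func Demo() (bool, error, error) {
	base, err := os.MkdirTemp("", "gogs-traversal-demo")
	if err != nil {
		return false, nil, err
	}
	defer os.RemoveAll(base)
	root := filepath.Join(base, "repo")
	outside := filepath.Join(base, "outside")
	for _, d := range []string{root, outside} {
		if err := os.MkdirAll(d, 0o755); err != nil {
			return false, nil, err
		}
	}
	// The attacker commits a symlink named "link" that points outside the repo.
	if err := os.Symlink(outside, filepath.Join(root, "link")); err != nil {
		return false, nil, err
	}
	userPath := filepath.Join("link", "secret.txt")

	p, err := naiveJoin(root, userPath) // passes the prefix check
	if err != nil {
		return false, nil, err
	}
	if err := os.WriteFile(p, []byte("written through symlink"), 0o644); err != nil {
		return false, nil, err
	}
	_, statErr := os.Stat(filepath.Join(outside, "secret.txt"))
	escaped := statErr == nil // true: the write followed the link out of the repo

	_, safeErr := safeJoin(root, userPath) // ErrEscapesRoot
	return escaped, safeErr, nil
}

func main() {
	escaped, safeErr, err := Demo()
	if err != nil {
		fmt.Println("demo error:", err)
		return
	}
	fmt.Printf("naive join wrote outside the repo: %v\n", escaped)
	fmt.Printf("safeJoin result: %v\n", safeErr)
}
```

The same Lstat-per-component check applies to deletes and renames, not only writes, and it must run at the moment of the operation: checking once and operating later reopens the race the link depends on.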
Recommended Executive Action: Mandate an immediate update to the fixed Gogs release named in the CISA KEV entry and in Gogs’ own advisory; do not assume v0.13.0 is recent enough, since Gogs shipped follow-up fixes for its symbolic-link handling in later 0.13.x releases. Until the patch is applied, take the server off the public internet and disable open user registration, since exploitation requires an account. Have the team check repositories on the host for unexpected symbolic links and modified Git hooks, and rotate any keys or tokens that were stored in those repositories. If a legacy instance cannot be patched at all, shut down external access and migrate to a maintained Git hosting platform.
Hashtags: #CISA #KEV #Gogs #Ransomware #PathTraversal #DevSecOps #PatchAlert
