CVE-2022-30781

HIGH

Gitea < 1.16.7 - Remote Code Execution via Git Fetch Remote

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2022-30781. PoCs published by samguy, wuhan005, wuhan005, li4n0, krastanoel, including Metasploit module exploits/multi/http/gitea_git_fetch_rce.

AI-analyzed exploit summary This Metasploit module exploits CVE-2022-30781, a remote code execution vulnerability in Gitea's repository migration process via crafted Git fetch commands. It authenticates, creates a repository, and triggers migration to execute arbitrary commands.

Description

Gitea before 1.16.7 does not escape git fetch remote.

Exploits (3)

exploitdb WORKING POC VERIFIED

by samguy · rubywebappsmultiple

https://www.exploit-db.com/exploits/51009

View Code ZIP pw:eip

This Metasploit module exploits CVE-2022-30781, a remote code execution vulnerability in Gitea's repository migration process via crafted Git fetch commands. It authenticates, creates a repository, and triggers migration to execute arbitrary commands.

Classification

Working Poc 95%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Gitea <= 1.16.6

Auth required

Prerequisites: Valid Gitea credentials · Network access to Gitea instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 86 stars

by wuhan005 · poc

https://github.com/wuhan005/CVE-2022-30781

View Code ZIP pw:eip

This repository contains a proof-of-concept exploit for CVE-2022-30781, a remote command execution vulnerability in Gitea's repository migration feature. The exploit involves hosting malicious files and tricking a Gitea instance into executing arbitrary commands during migration.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Gitea (version not specified)

Auth required

Prerequisites: HTTP filesystem server · Ability to trigger repository migration on target Gitea instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

metasploit WORKING POC EXCELLENT

by wuhan005, li4n0, krastanoel · rubypocunix

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/gitea_git_fetch_rce.rb

View Code ZIP pw:eip

This Metasploit module exploits a remote code execution vulnerability in Gitea's repository migration process via Git fetch command injection. It supports multiple targets including Unix, Linux, and Windows systems.

Classification

Working Poc 100%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Gitea before 1.16.7

Auth required

Prerequisites: Valid Gitea credentials · Network access to Gitea instance

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/168400/Gitea-1.16.6-Remote-Code-Execution.html

Exploit, Third Party Advisory, VDB Entry

http://packetstormsecurity.com/files/169928/Gitea-Git-Fetch-Remote-Code-Execution.html

Release Notes, Vendor Advisory

https://blog.gitea.io/2022/05/gitea-1.16.7-is-released/

Patch, Third Party Advisory

https://github.com/go-gitea/gitea/pull/19487

Patch, Third Party Advisory

https://github.com/go-gitea/gitea/pull/19490

Scores

CVSS v3 7.5

EPSS 0.8641

EPSS Percentile 99.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Details

CWE

CWE-116

Status published

Products (2)

code.gitea.io/gitea 0 - 1.16.7Go

gitea/gitea < 1.16.7

Published May 16, 2022

Tracked Since Feb 18, 2026