📄 Description (English)
goshs is a SimpleHTTPServer written in Go. From 2.0.0-beta.4 to 2.0.0-beta.5, goshs contains a cross-site request forgery issue in its state-changing HTTP GET routes. An external attacker can cause an already authenticated browser to trigger destructive actions such as ?delete and ?mkdir because goshs relies on HTTP basic auth alone and performs no CSRF, Origin, or Referer validation for those routes. This vulnerability is fixed in 2.0.0-beta.6.
🤖 AI Executive Summary
goshs versions 2.0.0-beta.4 through 2.0.0-beta.5 contain a critical CSRF vulnerability allowing unauthenticated attackers to trigger destructive file operations (delete, mkdir) on authenticated user sessions. The vulnerability exploits the absence of CSRF tokens and origin validation on state-changing GET requests, enabling remote attackers to manipulate file systems through social engineering. This poses significant risk to organizations using goshs for file serving in development or internal environments.
📄 Description (Arabic)
🤖 AI Intelligence Analysis Analyzed: Apr 27, 2026 19:25
🇸🇦 Saudi Arabia Impact Assessment
Saudi organizations using goshs in development, testing, or internal file-sharing environments face significant risk, particularly in: (1) Government IT departments and NCA-regulated entities using goshs for internal documentation servers; (2) Banking sector development teams using goshs for secure file distribution; (3) ARAMCO and energy sector IT operations; (4) Telecommunications companies (STC, Mobily) using goshs in development infrastructure; (5) Healthcare organizations using goshs for internal file management. The CSRF vulnerability could lead to unauthorized file deletion, directory creation, and potential data loss affecting critical operations.
🏢 Affected Saudi Sectors
Government
Banking
Energy (ARAMCO)
Telecommunications (STC, Mobily)
Healthcare
IT Services
Software Development
🎯 MITRE ATT&CK Techniques
⚖️ Saudi Risk Score (AI)
7.8
/ 10.0
🔧 Remediation Steps (English)
IMMEDIATE ACTIONS:
1. Identify all instances of goshs 2.0.0-beta.4 and 2.0.0-beta.5 in your environment using network scanning and asset inventory tools
2. Restrict network access to goshs instances using firewall rules - limit to trusted internal networks only
3. Disable state-changing GET operations (?delete, ?mkdir) if possible through configuration
4. Implement reverse proxy with CSRF token validation (nginx/Apache) in front of goshs instances
PATCHING GUIDANCE:
1. Upgrade immediately to goshs 2.0.0-beta.6 or later when available
2. If upgrade not immediately possible, apply compensating controls below
COMPENSATING CONTROLS:
1. Deploy WAF rules to block requests containing ?delete or ?mkdir parameters from external sources
2. Implement HTTP Referer and Origin header validation at reverse proxy level
3. Use SameSite cookie attributes (Strict) if goshs supports cookie configuration
4. Enforce network segmentation - isolate goshs to internal networks only
5. Implement request logging and alerting for suspicious GET requests with state-changing parameters
DETECTION RULES:
1. Monitor for GET requests containing ?delete or ?mkdir parameters
2. Alert on requests with mismatched Origin/Referer headers
3. Track authentication followed by immediate destructive operations from different source IPs
4. Log all file deletion and directory creation events with source IP and user agent
🔧 خطوات المعالجة (العربية)
الإجراءات الفورية:
1. تحديد جميع نسخ goshs 2.0.0-beta.4 و 2.0.0-beta.5 في بيئتك باستخدام أدوات المسح والجرد
2. تقييد الوصول إلى شبكة goshs باستخدام قواعد جدار الحماية - حصر الوصول للشبكات الداخلية الموثوقة فقط
3. تعطيل عمليات GET التي تغير الحالة (?delete, ?mkdir) إن أمكن من خلال الإعدادات
4. تطبيق reverse proxy مع التحقق من رموز CSRF (nginx/Apache) أمام نسخ goshs
إرشادات التصحيح:
1. الترقية الفورية إلى goshs 2.0.0-beta.6 أو إصدار أحدث عند توفره
2. إذا لم يكن الترقية ممكنة فوراً، طبق الضوابط البديلة أدناه
الضوابط البديلة:
1. نشر قواعد WAF لحجب الطلبات التي تحتوي على معاملات ?delete أو ?mkdir من مصادر خارجية
2. تطبيق التحقق من رؤوس HTTP Referer و Origin على مستوى reverse proxy
3. استخدام سمات ملفات تعريف الارتباط SameSite (Strict) إذا كانت goshs تدعم إعدادات ملفات تعريف الارتباط
4. فرض تقسيم الشبكة - عزل goshs على الشبكات الداخلية فقط
5. تطبيق تسجيل الطلبات والتنبيهات للطلبات المريبة التي تحتوي على معاملات تغيير الحالة
قواعد الكشف:
1. مراقبة طلبات GET التي تحتوي على معاملات ?delete أو ?mkdir
2. التنبيه على الطلبات ذات رؤوس Origin/Referer غير المتطابقة
3. تتبع المصادقة متبوعة بعمليات مدمرة فورية من عناوين IP مختلفة
4. تسجيل جميع أحداث حذف الملفات وإنشاء المجلدات مع عنوان IP ووكيل المستخدم
📋 Regulatory Compliance Mapping
🟢 NCA ECC 2024
A.5.1.1 - Information security policies and procedures
A.6.1.1 - Access control policy
A.6.2.1 - User registration and access rights management
A.13.1.1 - Information security event logging
A.14.2.1 - Secure development policy
🔵 SAMA CSF
ID.AM-2 - Software inventory and management
PR.AC-1 - Access control and authentication
PR.AC-3 - Access enforcement
DE.CM-1 - Detection and analysis
RS.MI-2 - Incident response and mitigation
🟡 ISO 27001:2022
A.5.1.1 - Information security policies
A.6.1.1 - Access control policy
A.8.1.1 - User endpoint devices
A.8.2.1 - User access management
A.8.3.1 - User responsibilities
A.13.1.1 - Information security event logging
A.14.2.1 - Secure development policy
🟣 PCI DSS v4.0.1
Requirement 6.2 - Security patches and updates
Requirement 6.5.9 - Cross-site request forgery (CSRF) protection
Requirement 10.2 - Logging and monitoring
🔗 References & Sources 2
📦 Affected Products / CPE 2 entries
goshs:goshs:2.0.0
goshs:goshs:2.0.0