20 matches found
EUVD-2022-28591
Malicious code in bioql PyPI...
EUVD-2022-52770
Malicious code in bioql PyPI...
CVE-2022-23643
Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerability in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...
CVE-2025-23214 Cosmos userbase checking vulnerability
Cosmos provides users the ability to self-host a home server by acting as a secure gateway to your application, as well as a server manager. By monitoring the error code returned in the login, it is possible to figure out whether a user exists or not in the database. Patched in 0.17.7...
Monitor sensitive data [3**-** ***7] that resides in code
Monitor code for sensitive data to reduce the risk of accidental exposure or compliance violation...
CVE-2022-31154 Indirect Object Access in Sourcegraph Code Monitoring
Sourcegraph is an open source code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able ...
One could get up to 20x more xCTDL tokens when deposit right after earn().
Lines of code Vulnerability details Impact When earn is called by authorized actors keeper or governance, 95% of the balance of CTDL token in the StakedCitadel contract will be transferred to strategy. Thus, the balance will be roughly only 5% of the totalSupply. At this juncture, if an attacker...
Privilege Escalation
Sourcegraph is vulnerable to side-channel attack. The attack is possible because the library does not properly exclude the private source code in the Code Monitoring, allowing an authenticated attacker to create many Code Monitors to receive confirmation that a specific string exists...
CVE-2022-23643
Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerability in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...
Code injection
Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerability in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...
CVE-2022-23643 Side-channel attack in Sourcegraph Code Monitors
Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerability in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...
CVE-2022-23643 Side-channel attack in Sourcegraph Code Monitors
Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerability in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...
CVE-2022-23643
CVE-2022-23643 covers a side-channel vulnerability in Sourcegraph Code Monitors. Affected are Sourcegraph 3.35 and 3.36, where private-source strings could be inferred by an authenticated but unauthorized actor via the Code Monitoring feature. The root cause is a reintroduced issue that was previ...
CVE-2022-23643 Side-channel attack in Sourcegraph Code Monitors
Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerability in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...
Sourcegraph Security Vulnerability
Sourcegraph is an open source code search and navigation tool from US-based Sourcegraph. A security vulnerability exists in Sourcegraph versions 3.35 and 3.36, which stems from the reintroduction of a previously fixed side-channel vulnerability in the code monitoring feature, in which strings in...
CVE-2021-43823
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A...
CVE-2021-43823
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A...
Code injection
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A...
CVE-2021-43823 Side-channel attack in Sourcegraph
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A...
Sourcegraph Information Disclosure Vulnerability
Sourcegraph is an open source code search and navigation tool from US-based Sourcegraph. An information disclosure vulnerability exists in Sourcegraph versions prior to 3.33.2. The vulnerability stems from the fact that Sourcegraph prior to version 3.33.2 is susceptible to a side-channel attack,...