10 matches found

RedhatCVE
added 2025/05/22 10:53 p.m. · 4 views

CVE-2022-31154

Sourcegraph is an open source code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able ...

CVSS 6.4 · AI score 6.7 · EPSS 0.00143
Exploits: 0 · References: 1
Veracode
added 2022/08/02 8:7 a.m. · 20 views

Authorization Bypass

github.com/sourcegraph/sourcegraph is vulnerable to authorization bypass. The vulnerability exists because the objects are not properly restricted in code monitors which allows an attacker to override data...

CVSS 6.4 · AI score 5.3 · EPSS 0.00143
Exploits: 0 · References: 3 · Affected Software: 1
NVD
added 2022/08/01 7:15 p.m. · 13 views

CVE-2022-31154

Sourcegraph is an open source code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able ...

CVSS 6.4 · EPSS 0.00143
Exploits: 0 · References: 2
Prion
added 2022/08/01 7:15 p.m. · 7 views

Code injection

Sourcegraph is an open source code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able ...

CVSS 4 · AI score 4.5 · EPSS 0.00143
Exploits: 0 · References: 2 · Affected Software: 1
OSV
added 2022/08/01 6:40 p.m. · 9 views

CVE-2022-31154 Indirect Object Access in Sourcegraph Code Monitoring

Sourcegraph is an open source code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able ...

CVSS 6.4 · AI score 5.2 · EPSS 0.00143
Exploits: 0 · References: 4
CVE
added 2022/08/01 6:40 p.m. · 54 views

CVE-2022-31154

CVE-2022-31154 affects Sourcegraph (code search/navigation). An authenticated user can edit Code Monitors owned by other users, allowing override of trigger and action data without reading monitor contents. Root cause is improper restrictions on Code Monitors; no read access gained. The issue is ...

CVSS 6.4 · AI score 4.7 · EPSS 0.00143
Exploits: 0 · References: 2 · Affected Software: 1
Positive Technologies
added 2022/08/01 12:0 a.m. · 1 views

PT-2022-20569 · Sourcegraph · Sourcegraph

Name of the Vulnerable Software and Affected Versions: Sourcegraph versions prior to 3.42

Description: The issue allows an authenticated Sourcegraph user to edit Code Monitors owned by any other Sourcegraph user, including editing the trigger and action of the monitor. However, an attacker cannot...

CVSS 6.4 · AI score 5 · EPSS 0.00143
Exploits: 0 · References: 5
Veracode
added 2022/02/16 7:55 a.m. · 15 views

Privilege Escalation

Sourcegraph is vulnerable to side-channel attack. The attack is possible because the library does not properly exclude the private source code in the Code Monitoring, allowing an authenticated attacker to create many Code Monitors to receive confirmation that a specific string exists...

CVSS 6.5 · AI score 5.5 · EPSS 0.00257
Exploits: 0 · References: 3 · Affected Software: 1
Snyk
added 2021/12/14 10:14 a.m. · 1 views

Access Restriction Bypass

Overview: Affected versions of this package are vulnerable to Access Restriction Bypass. Strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A successful attack would require an authenticate...

CVSS 6.5 · AI score 7 · EPSS 0.00543
Exploits: 0 · References: 2
Veracode
added 2021/12/14 4:34 a.m. · 16 views

Side-Channel Attack

github.com/sourcegraph/sourcegraph is vulnerable to side channel attack. The attack is possible because the library does not properly exclude the private source code search results in 'searchresults.go', allowing an authenticated attacker to check specific string and API keys exists in private...

CVSS 6.5 · AI score 4.7 · EPSS 0.00543
Exploits: 0 · References: 3 · Affected Software: 1