111 matches found

Prion
added 2021/08/02 10:15 p.m. | 10 views

Information disclosure

Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads a...

CVSS 4 | AI score 4.7 | EPSS 0.00199
Exploits 0 | References 2 | Affected Software 1
CVE
added 2021/08/02 10:0 p.m. | 39 views

CVE-2021-32787

CVE-2021-32787 affects Sourcegraph before version 3.30.0. The vulnerability exposes information in the site-admin area to regular users, leaking daily usage statistics and code intelligence uploads/indexes while not allowing alteration of other features. The root cause is improper access to site-...

CVSS 4.3 | AI score 4.3 | EPSS 0.00199
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2021/08/02 10:0 p.m. | 13 views

CVE-2021-32787 Low risk information disclosure in Sourcegraph

Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads a...

CVSS 3.1 | AI score 4.9 | EPSS 0.00199
Exploits 0 | References 2
CNNVD
added 2021/08/02 12:0 a.m. | 0 views

Sourcegraph Information Disclosure Vulnerability

Sourcegraph is an open source code search and navigation tool from Sourcegraph, Inc. in the United States. Sourcegraph suffers from a security vulnerability that stems from the fact that the site administration area can be accessed by a normal user, with all information and functionality properly...

CVSS 4.3 | AI score 5.3 | EPSS 0.00199
Exploits 0 | References 3
CNVD
added 2020/05/07 12:0 a.m. | 1 views

Sourcegraph Access Restriction Bypass Vulnerability

Sourcegraph is an open source code search and navigation tool from Sourcegraph, Inc. in the United States. A security vulnerability exists in the SafeRedirectURL method of the cmd/frontend/auth/redirect.go file in versions of Sourcegraph prior to 3.15.1. A remote attacker could exploit the...

CVSS 6.1 | AI score 7.1 | EPSS 0.00257
Exploits 1 | References 1
Snyk
added 2020/04/30 10:59 a.m. | 6 views

Open Redirect

Overview: Affected versions of this package are vulnerable to Open Redirect. The SourceGraph application has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring. Remediation...

CVSS 6.1 | AI score 7.1 | EPSS 0.00257
Exploits 1 | References 2
NVD
added 2020/04/30 5:15 a.m. | 9 views

CVE-2020-12283

Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring...

CVSS 6.1 | AI score 6.4 | EPSS 0.00257
Exploits 1 | References 5
OSV
added 2020/04/30 5:15 a.m. | 13 views

CVE-2020-12283

Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring...

CVSS 6.1 | AI score 7.1 | EPSS 0.00257
Exploits 1 | References 5
Prion
added 2020/04/30 5:15 a.m. | 10 views

Input validation

Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring...

CVSS 5.8 | AI score 6.4 | EPSS 0.00257
Exploits 1 | References 5 | Affected Software 1
Cvelist
added 2020/04/30 4:7 a.m. | 9 views

CVE-2020-12283

Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring...

AI score 6.4 | EPSS 0.00257
Exploits 1 | References 5
CVE
added 2020/04/30 4:7 a.m. | 39 views

CVE-2020-12283

Sourcegraph before 3.15.1 is affected by an improper validation in the SafeRedirectURL method (cmd/frontend/auth/redirect.go), leading to a vulnerable authentication workflow (example: //foo//example.com). The issue is tied to the authentication redirect logic and can enable an open redirect/auth...

CVSS 6.1 | AI score 6.3 | EPSS 0.00257
Exploits 1 | References 5 | Affected Software 1