111 matches found

Prion
added 2022/11/22 7:15 p.m. · 11 views

Design/Logic Flaw

Sourcegraph is a code intelligence platform. A site admin could execute arbitrary commands on Gitserver when the experimental customGitFetch feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0...

CVSS 5.8 · AI score 7.2 · EPSS 0.00269
Exploits 0 · References 2 · Affected Software 1
Vulnrichment
added 2022/11/22 12:00 a.m. · 7 views

CVE-2022-41943 Incorrect default permissions found in Sourcegraph

Sourcegraph is a code intelligence platform. A site admin could execute arbitrary commands on Gitserver when the experimental customGitFetch feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0...

CVSS 9 · AI score 9.4 · EPSS 0.00269
Exploits 0 · References 2
Vulnrichment
added 2022/11/22 12:00 a.m. · 6 views

CVE-2022-41942 Sourcegraph vulnerable to Command Injection via gitserver

Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the /list-gitolite endpoint. It...

CVSS 7.9 · AI score 7.8 · EPSS 0.0027
Exploits 0 · References 2
OSV
added 2022/11/22 12:00 a.m. · 15 views

CVE-2022-41942 Sourcegraph vulnerable to Command Injection via gitserver

Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the /list-gitolite endpoint. It...

CVSS 7.9 · AI score 7.6 · EPSS 0.0027
Exploits 0 · References 4
Positive Technologies
added 2022/11/22 12:00 a.m. · 3 views

PT-2022-26173 · Sourcegraph · Sourcegraph

Name of the Vulnerable Software and Affected Versions: Sourcegraph versions prior to 4.1.0
Description: The issue allows a site admin to execute arbitrary commands on Gitserver when the experimental customGitFetch feature is enabled. This feature has been disabled by default.
Recommendations: For...

CVSS 9 · AI score 7.8 · EPSS 0.00269
Exploits 0 · References 6
CVE
added 2022/11/22 12:00 a.m. · 60 views

CVE-2022-41942

CVE-2022-41942 affects Sourcegraph’s gitserver component. A command injection existed in the /list-gitolite endpoint due to lack of input validation on the host parameter, exploitable only if an attacker can send local requests to gitserver. Affected versions are those prior to 4.1.0; the issue i...

CVSS 7.9 · AI score 7.8 · EPSS 0.0027
Exploits 0 · References 2 · Affected Software 1
CVE
added 2022/11/22 12:00 a.m. · 49 views

CVE-2022-41943

The CVE-2022-41943 entry concerns Sourcegraph, a code intelligence platform. A site administrator could have executed arbitrary commands on Gitserver via the experimental customGitFetch feature, which is now disabled by default. The issue is patched in Sourcegraph version 4.1.0. In affected envir...

CVSS 9 · AI score 7.6 · EPSS 0.00269
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/11/22 12:00 a.m. · 10 views

CVE-2022-41942 Sourcegraph vulnerable to Command Injection via gitserver

Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the /list-gitolite endpoint. It...

CVSS 7.9 · AI score 8 · EPSS 0.0027
Exploits 0 · References 2
Cvelist
added 2022/11/22 12:00 a.m. · 16 views

CVE-2022-41943 Incorrect default permissions found in Sourcegraph

Sourcegraph is a code intelligence platform. A site admin could execute arbitrary commands on Gitserver when the experimental customGitFetch feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0...

CVSS 9 · AI score 9.6 · EPSS 0.00269
Exploits 0 · References 2
OSV
added 2022/11/22 12:00 a.m. · 11 views

CVE-2022-41943 Incorrect default permissions found in Sourcegraph

Sourcegraph is a code intelligence platform. A site admin could execute arbitrary commands on Gitserver when the experimental customGitFetch feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0...

CVSS 9 · AI score 7.7 · EPSS 0.00269
Exploits 0 · References 4
CNNVD
added 2022/11/22 12:00 a.m. · 2 views

Sourcegraph security vulnerability

Sourcegraph is an open source code search and navigation tool from Sourcegraph, Inc. A security vulnerability exists in Sourcegraph versions prior to 4.1.0, which can be exploited to execute arbitrary commands on the Gitserver when a site administrator enables the experimental "customGitFetch"...

CVSS 9 · AI score 7.9 · EPSS 0.00269
Exploits 0 · References 3
CNNVD
added 2022/11/22 12:00 a.m. · 3 views

Sourcegraph operating system command injection vulnerability

Sourcegraph is an open source code search and navigation tool from US-based Sourcegraph. An operating system command injection vulnerability exists in Sourcegraph versions prior to 4.1.0, caused by a lack of input validation of the /list-gitolite...

CVSS 7.9 · AI score 7.5 · EPSS 0.0027
Exploits 0 · References 3
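The CVE-2022-41942 entries above give the root cause as missing input validation on the host parameter of the /list-gitolite endpoint. The block below is an added example, not Sourcegraph's gitserver code, showing the shape of fix a reviewer looks for in a gitserver-style Go service: validate the parameter against a strict hostname grammar (which also excludes option-looking values starting with "-"), then pass it to the subprocess as one argv element instead of through a shell. The handler, runner, helper names and the fake ssh runner are assumptions made for this illustration.

```go
// Added example, not Sourcegraph's gitserver code: validating a "host" query
// parameter before it becomes a subprocess argument. Endpoint path, handler,
// runner and helper names are assumptions for illustration.
package main

import (
	"encoding/json"
	"errors"
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"net/url"
	"regexp"
	"strings"
)

// hostnameRE accepts dot-separated DNS labels that start and end with an
// alphanumeric. A label can never start with '-', so option-looking values
// such as "-oProxyCommand=..." fail here as well as in validateHost.
var hostnameRE = regexp.MustCompile(
	`^[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?(\.[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$`)

var errBadHost = errors.New("invalid host parameter")

// validateHost allows only a bounded-length hostname or IP literal. Empty
// values, whitespace, shell metacharacters and a leading '-' are rejected.
func validateHost(host string) error {
	if host == "" || len(host) > 253 || strings.HasPrefix(host, "-") {
		return errBadHost
	}
	if net.ParseIP(host) != nil || hostnameRE.MatchString(host) {
		return nil
	}
	return errBadHost
}

// sshInfoArgv builds argv for `ssh <host> info` as a slice, to be handed to
// exec.Command directly. No shell is in the path, so even a value carrying
// ';' or '$(...)' would be a single literal argument, not a second command.
func sshInfoArgv(host string) ([]string, error) {
	if err := validateHost(host); err != nil {
		return nil, err
	}
	return []string{"ssh", "-o", "BatchMode=yes", host, "info"}, nil
}

// runner abstracts the subprocess call so the handler can be exercised offline.
type runner func(argv []string) ([]byte, error)

// listGitoliteHandler reads ?host=, validates it, and only then passes a fixed
// argv to the runner. Invalid input gets a 400 and never reaches a subprocess.
func listGitoliteHandler(run runner) http.HandlerFunc {
	return func(w http.ResponseWriter, r *http.Request) {
		argv, err := sshInfoArgv(r.URL.Query().Get("host"))
		if err != nil {
			http.Error(w, err.Error(), http.StatusBadRequest)
			return
		}
		out, err := run(argv)
		if err != nil {
			http.Error(w, "upstream error", http.StatusBadGateway)
			return
		}
		w.Header().Set("Content-Type", "application/json")
		_ = json.NewEncoder(w).Encode(map[string]interface{}{"argv": argv, "output": string(out)})
	}
}

// fakeRunner stands in for exec.Command in this example: it echoes the host
// it was asked to contact instead of actually running ssh.
func fakeRunner(argv []string) ([]byte, error) {
	return []byte("would run ssh against " + argv[3]), nil
}

// statusFor drives the handler with a constructed request carrying the given
// host value and returns the HTTP status code it produced.
func statusFor(host string) int {
	rec := httptest.NewRecorder()
	req := httptest.NewRequest(http.MethodGet, "/list-gitolite?host="+url.QueryEscape(host), nil)
	listGitoliteHandler(fakeRunner)(rec, req)
	return rec.Code
}

func main() {
	// Constructed inputs: two legitimate hosts, then argument/shell injection attempts.
	for _, h := range []string{"git.example.com", "10.0.0.5", "-oProxyCommand=id", "host;id", "host $(id)", ""} {
		fmt.Printf("%-22q -> %d\n", h, statusFor(h))
	}
}
```

The two controls are independent: the allow-list grammar stops option and metacharacter injection at the edge, and building argv as a slice means that even a validation bypass cannot turn one argument into a shell pipeline. The page also notes the endpoint was reachable only with local access to gitserver; network segmentation is a third layer, not a substitute for the first two.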
NVD
added 2022/08/01 7:15 p.m. · 13 views

CVE-2022-31154

Sourcegraph is an open source code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able ...

CVSS 6.4 · EPSS 0.00143
Exploits 0 · References 2
NVD
added 2022/08/01 7:15 p.m. · 7 views

CVE-2022-31155

Sourcegraph is an open source code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users’ saved searches, only...

CVSS 4.3 · EPSS 0.00168
Exploits 0 · References 2
Prion
added 2022/08/01 7:15 p.m. · 9 views

Authorization

Sourcegraph is an open source code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users’ saved searches, only...

CVSS 4 · AI score 4.6 · EPSS 0.00168
Exploits 0 · References 2 · Affected Software 1
Prion
added 2022/08/01 7:15 p.m. · 7 views

Code injection

Sourcegraph is an open source code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able ...

CVSS 4 · AI score 4.5 · EPSS 0.00143
Exploits 0 · References 2 · Affected Software 1
OSV
added 2022/08/01 6:40 p.m. · 12 views

CVE-2022-31155 Unauthorized overwriting of saved searches in Sourcegraph

Sourcegraph is an open source code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users’ saved searches, only...

CVSS 4.3 · AI score 4.9 · EPSS 0.00168
Exploits 0 · References 4
CVE
added 2022/08/01 6:40 p.m. · 62 views

CVE-2022-31155

Sourcegraph includes an authorization bug that, in versions before 3.41.0, allows an attacker to overwrite (delete) other users’ saved searches with attacker-controlled data. The vulnerability does not enable reading of others’ saved searches. The issue is mitigated by upgrading to Sourcegraph 3....

CVSS 4.3 · AI score 4.5 · EPSS 0.00168
Exploits 0 · References 2 · Affected Software 1
Cvelist
added 2022/08/01 6:40 p.m. · 13 views

CVE-2022-31155 Unauthorized overwriting of saved searches in Sourcegraph

Sourcegraph is an open source code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users’ saved searches, only...

CVSS 4.3 · AI score 4.9 · EPSS 0.00168
Exploits 0 · References 2
OSV
added 2022/08/01 6:40 p.m. · 9 views

CVE-2022-31154 Indirect Object Access in Sourcegraph Code Monitoring

Sourcegraph is an open source code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able ...

CVSS 6.4 · AI score 5.2 · EPSS 0.00143
Exploits 0 · References 4
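The CVE-2022-31154 (code monitors editable by any authenticated user) and CVE-2022-31155 (saved searches overwritable due to a bug in the authorization check) entries above describe the same class of flaw: a mutation that confirms the caller is logged in but never compares the caller against the owner of the row it is about to change. The block below is an added example, not Sourcegraph's code, contrasting that broken shape with an ownership check done against the stored owner. The Actor and SavedSearch types, the in-memory store, the seeded sample rows and the method names are assumptions made for this illustration.

```go
// Added example, not Sourcegraph's code: the ownership check a mutation on a
// per-user resource (saved search, code monitor) must perform. Actor,
// SavedSearch, store, sample rows and method names are assumptions.
package main

import (
	"errors"
	"fmt"
)

type Actor struct {
	UserID    int
	SiteAdmin bool
}

type SavedSearch struct {
	ID      int
	OwnerID int
	Query   string
}

var (
	ErrNotFound  = errors.New("saved search not found")
	ErrForbidden = errors.New("forbidden")
)

// store is an in-memory stand-in for the database table.
type store struct{ searches map[int]*SavedSearch }

// newStore seeds constructed sample data: user 1 owns search 1, user 2 owns search 2.
func newStore() *store {
	return &store{searches: map[int]*SavedSearch{
		1: {ID: 1, OwnerID: 1, Query: "repo:^github\\.com/org/app$ TODO"},
		2: {ID: 2, OwnerID: 2, Query: "lang:go context.TODO()"},
	}}
}

// updateUnchecked is the broken shape: it confirms the caller is logged in,
// then trusts the client-supplied ID and never compares owners. Any
// authenticated user can overwrite any other user's search.
func (s *store) updateUnchecked(actor *Actor, id int, query string) error {
	if actor == nil {
		return ErrForbidden
	}
	ss, ok := s.searches[id]
	if !ok {
		return ErrNotFound
	}
	ss.Query = query
	return nil
}

// canModify is the one ownership rule every mutation routes through: the
// owner recorded on the loaded row, or a site admin, nobody else.
func canModify(actor *Actor, ss *SavedSearch) bool {
	return actor != nil && (actor.SiteAdmin || actor.UserID == ss.OwnerID)
}

// updateChecked loads the row, checks ownership against the stored OwnerID
// (never against anything the client sent), and only then mutates. A
// non-owner gets the same ErrNotFound as a missing row, so the endpoint does
// not confirm that another user's search exists.
func (s *store) updateChecked(actor *Actor, id int, query string) error {
	if actor == nil {
		return ErrForbidden
	}
	ss, ok := s.searches[id]
	if !ok || !canModify(actor, ss) {
		return ErrNotFound
	}
	ss.Query = query
	return nil
}

func main() {
	s := newStore()
	alice, bob := &Actor{UserID: 1}, &Actor{UserID: 2}
	fmt.Println("unchecked, bob edits alice's search: ", s.updateUnchecked(bob, 1, "overwritten"))
	fmt.Println("checked, bob edits alice's search:   ", s.updateChecked(bob, 1, "overwritten again"))
	fmt.Println("checked, alice edits her own search: ", s.updateChecked(alice, 1, "repo:org/app TODO"))
}
```

The same canModify rule applies to delete and to every other write path on the resource; the bug class returns whenever a new mutation is added that skips it, so the check belongs in one place the resolvers cannot bypass rather than copied into each one.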