111 matches found
CVE-2022-31154
CVE-2022-31154 affects Sourcegraph (code search/navigation). An authenticated user can edit Code Monitors owned by other users, allowing override of trigger and action data without reading monitor contents. Root cause is improper restrictions on Code Monitors; no read access gained. The issue is ...
CVE-2022-31154 Indirect Object Access in Sourcegraph Code Monitoring
Sourcegraph is an open source code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able ...
Sourcegraph Security Vulnerability
Sourcegraph is an open source code search and navigation tool from US-based Sourcegraph. A security vulnerability exists in versions prior to Sourcegraph 3.42 that stems from an error in authorization checking and could allow an attacker to delete searches saved by other users...
Fedora: Security Advisory for golang-sourcegraph-appdash (FEDORA-2022-5038c3236c)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
PT-2022-20569 · Sourcegraph · Sourcegraph
Name of the Vulnerable Software and Affected Versions: Sourcegraph versions prior to 3.42 Description: The issue allows an authenticated Sourcegraph user to edit Code Monitors owned by any other Sourcegraph user, including editing the trigger and action of the monitor. However, an attacker cannot...
Sourcegraph Security Vulnerability
Sourcegraph is an open source code search and navigation tool from Sourcegraph, Inc. engine is an OpenSSL reference implementation of the GOST encryption algorithm. A security vulnerability exists in Sourcegraph versions prior to 3.42, which stems from the ability of an authenticated Sourcegraph...
[SECURITY] Fedora 36 Update: golang-sourcegraph-appdash-0-0.10.20210113gitebfcffb.fc36
Appdash is an application tracing system for Go, based on Google's Dapper and Twitter's Zipkin. Appdash allows you to trace the end-to-end handling of requests and operations in your application for perf and debugging. It displays timings and application-specific metadata for each step, and it...
Fedora: Security Advisory for golang-github-sourcegraph-syntaxhighlight (FEDORA-2022-37aef44d1e)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Sourcegraph Command Injection (CVE-2022-23642)
A command injection vulnerability exists in Sourcegraph. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary commands on the affected system...
Fedora: Security Advisory for golang-github-sourcegraph-syntaxhighlight (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for golang-sourcegraph-appdash (FEDORA-2022-3969b64d4b)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 35 Update: golang-sourcegraph-appdash-0-0.9.20210113gitebfcffb.fc35
Appdash is an application tracing system for Go, based on Google's Dapper and Twitter's Zipkin. Appdash allows you to trace the end-to-end handling of requests and operations in your application for perf and debugging. It displays timings and application-specific metadata for each step, and it...
Sourcegraph gitserver sshCommand RCE
A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to execute arbitrary OS commands by modifying the core.sshCommand value within the git configuration. This command can then be triggered on demand by executing a git push operation. The vulnerability was...
Metasploit Weekly Wrap-Up
JBOSS EAP/AS - More Deserializations? Indeed! Community contributor Heyder Andrade added in a new module for a Java deserialization vulnerability in JBOSS EAP/AS Remoting Unified Invoker interface for versions 6.1.0 and prior. As far as we can tell this was first disclosed by Joao Matos in his...
Sourcegraph gitserver sshCommand Remote Command Execution Exploit
A vulnerability exists within Sourcegraph's gitserver component that allows a remote attacker to execute arbitrary OS commands by modifying the core.sshCommand value within the git configuration. This command can then be triggered on demand by executing a git push operation. The vulnerability was...
Sourcegraph gitserver sshCommand Remote Command Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Sourcegraph gitserver sshCommand RCE', 'Description' = %q A vulnerability exists within Sourcegraph's gitserver component that allows a remote...
Fedora: Security Advisory for golang-github-sourcegraph-syntaxhighlight (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
Fedora: Security Advisory for golang-sourcegraph-appdash (FEDORA-2022-fae3ecee19)
The remote host is missing an update for the Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...
[SECURITY] Fedora 36 Update: golang-sourcegraph-appdash-0-0.9.20210113gitebfcffb.fc36
Appdash is an application tracing system for Go, based on Google's Dapper and Twitter's Zipkin. Appdash allows you to trace the end-to-end handling of requests and operations in your application for perf and debugging. It displays timings and application-specific metadata for each step, and it...
Sourcegraph Gitserver 3.36.3 Remote Code Execution
Exploit Title: Sourcegraph Gitserver 3.36.3 - Remote Code Execution (RCE) Date: 2022-06-10 Exploit Author: Altelus Vendor Homepage: https://about.sourcegraph.com/ Version: 3.63.3 Tested on: Linux CVE : CVE-2022-23642 Docker Container: sourcegraph/server:3.36.3 Sourcegraph prior to 3.37.0 has a remo...