Sourcegraph Gitserver 3.36.3 - Remote Code Execution Exploit
Exploit Title: Sourcegraph Gitserver 3.36.3 - Remote Code Execution RCE Exploit Author: Altelus Vendor Homepage: https://about.sourcegraph.com/ Version: 3.63.3 Tested on: Linux CVE : CVE-2022-23642 Docker Container: sourcegraph/server:3.36.3 Sourcegraph prior to 3.37.0 has a remote code execution...
Sourcegraph Gitserver 3.36.3 - Remote Code Execution (RCE)
Exploit Title: Sourcegraph Gitserver 3.36.3 - Remote Code Execution RCE Date: 2022-06-10 Exploit Author: Altelus Vendor Homepage: https://about.sourcegraph.com/ Version: 3.63.3 Tested on: Linux CVE : CVE-2022-23642 Docker Container: sourcegraph/server:3.36.3 Sourcegraph prior to 3.37.0 has a remo...
Exploit for Code Injection in Sourcegraph
PoC for Sourcegraph Gitserver 3.37.0 RCE CVE-2022-23642 S...
Remote Code Execution
github.com/sourcegraph/sourcegraph is vulnerable to remote code execution. A privileged attacker who is able to edit or add a Gitolite code host and has administrative access to Sourcegraph’s bundled Grafana instance has the ability to change this command arbitrarily and run it remotely...
Arbitrary Code Execution
Overview Affected versions of this package are vulnerable to Arbitrary Code Execution in the gitserver service. An administrator who is able to edit or add a Gitolite code host and has administrative access to Sourcegraph’s bundled Grafana instance can change this command arbitrarily and run it...
CVE-2022-29171
Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with Phabricator allows Sourcegraph site admins to specify a callsignCommand, which is used to obtain...
Remote code execution
Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with Phabricator allows Sourcegraph site admins to specify a callsignCommand, which is used to obtain...
Sourcegraph code injection vulnerability
Sourcegraph is an open source code search and navigation tool from US-based Sourcegraph. A code injection vulnerability exists in versions prior to Sourcegraph 3.38.0, which can be exploited by an attacker to execute remote code in the gitserver service...
CVE-2022-29171 Remote Code Execution in sourcegraph
Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration with Phabricator allows Sourcegraph site admins to specify a callsignCommand, which is used to obtain...
CVE-2022-29171
Sourcegraph ≤ 3.37.0 is vulnerable to Remote Code Execution in the gitserver service. The Gitolite code-host integration with Phabricator lets an administrator who can edit/add a Gitolite code-host and has admin access to Sourcegraph’s bundled Grafana instance modify the callsignCommand, which ca...
Sourcegraph code injection vulnerability
Sourcegraph is an open source code search and navigation tool from Sourcegraph, Inc. Sourcegraph is vulnerable to a code injection vulnerability that could be exploited by attackers to cause remote code execution...
Remote Code Execution (RCE)
github.com/sourcegraph/sourcegraph is vulnerable to remote code execution. The vulnerability exists because of the failure in call restriction in git config, allowing an attacker to make HTTP requests to internal services and perform the malicious operations remotely...
CVE-2022-23642
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the gitserver service. The service acts as a git exec proxy, and fails to properly restrict calling git config. This allows an attacker to set the git core.sshCommand...
Remote code execution
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the gitserver service. The service acts as a git exec proxy, and fails to properly restrict calling git config. This allows an attacker to set the git core.sshCommand...
CVE-2022-23642
Sourcegraph prior to 3.37 is vulnerable to remote code execution in the gitserver service due to insufficient restriction on git config execution. The issue arises when an attacker who can access internal gitserver HTTP endpoints can set the git core.sshCommand option, causing git to execute arbi...
CVE-2022-23642 Code Injection in Sourcegraph
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the gitserver service. The service acts as a git exec proxy, and fails to properly restrict calling git config. This allows an attacker to set the git core.sshCommand...