Sourcegraph 代码注入漏洞

Sourcegraph is an open source code search and navigation tool from Sourcegraph, Inc. Sourcegraph is vulnerable to a code injection vulnerability that could be exploited by attackers to cause remote code execution...

Privilege Escalation

Sourcegraph is vulnerable to side-channel attack. The attack is possible because the library does not properly exclude the private source code in the Code Monitoring , allowing an authenticated attacker to create many Code Monitors to receive confirmation that a specific string exists...

CVE-2022-23643

Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...

Code injection

Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...

CVE-2022-23643 Side-channel attack in Sourcegraph Code Monitors

Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...

CVE-2022-23643

CVE-2022-23643 covers a side-channel vulnerability in Sourcegraph Code Monitors. Affected are Sourcegraph 3.35 and 3.36, where private-source strings could be inferred by an authenticated but unauthorized actor via the Code Monitoring feature. The root cause is a reintroduced issue that was previ...

CVE-2022-23643 Side-channel attack in Sourcegraph Code Monitors

Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...

CVE-2022-23643 Side-channel attack in Sourcegraph Code Monitors

Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in the Code Monitoring feature where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects...

Sourcegraph 安全漏洞

Sourcegraph is an open source code search and navigation tool from US-based Sourcegraph. A security vulnerability exists in Sourcegraph versions 3.35 and 3.36, which stems from the reintroduction of a previously fixed side-channel vulnerability in the code monitoring feature, in which strings in...

PT-2022-3024 · Sourcegraph · Sourcegraph

Name of the Vulnerable Software and Affected Versions: Sourcegraph versions prior to 3.37 Description: The issue is related to the gitserver service in Sourcegraph, which acts as a git exec proxy and fails to properly restrict calling git config. This allows an attacker to set the git...

GHSA-MX43-R985-5H4M Open redirect vulnerability in Sourcegraph

Impact An open redirect vulnerability that allows users to be targeted for phishing attacks has been found in Sourcegraph instances configured with OAuth, OpenID, or SAML authentication enabled. Users targeted by these phishing attacks could have their authentication tokens silently harvested by ...

Open redirect vulnerability in Sourcegraph

Impact An open redirect vulnerability that allows users to be targeted for phishing attacks has been found in Sourcegraph instances configured with OAuth, OpenID, or SAML authentication enabled. Users targeted by these phishing attacks could have their authentication tokens silently harvested by ...

Access Restriction Bypass

Overview Affected versions of this package are vulnerable to Access Restriction Bypass. Strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A successful attack would require an authenticate...

CVE-2021-43823

Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A...

CVE-2021-43823

Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A...

CVE-2021-43823

Sourcegraph before version 3.33.2 is affected by a side-channel vulnerability in the Saved Searches and Code Monitoring features. An authenticated but unauthorized actor could create many Saved Searches or Code Monitors to infer whether specific strings exist in private source code, potentially e...

CVE-2021-43823 Side-channel attack in Sourcegraph

Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A...

Sourcegraph 信息泄露漏洞

Sourcegraph is an open source code search and navigation tool from US-based Sourcegraph. An information disclosure vulnerability exists in Sourcegraph versions prior to 3.33.2. The vulnerability stems from the fact that Sourcegraph prior to version 3.33.2 is susceptible to a side-channel attack,...

CVE-2021-32787

Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads a...

CVE-2021-32787

Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads a...