Lucene search
Veracode Vulnerability DatabaseVERACODE:34330HistoryFeb 21, 2022 - 1:33 p.m.
Remote Code Execution (RCE)
2022-02-2113:33:42
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
9
0.935 High
EPSS
Percentile
99.1%
github.com/sourcegraph/sourcegraph, is vulnerable to remote code execution. The vulnerability exists because of the failure in call restriction in git config, allowing an attacker to make HTTP requests to internal services and perform the malicious operations remotely.
| CPE | Name | Operator | Version |
|---|---|---|---|
| github.com/sourcegraph/sourcegraph | le | v3.36.3 | |
| github.com/sourcegraph/sourcegraph | le | v3.36.3 |
References
packetstormsecurity.com/files/167506/Sourcegraph-Gitserver-3.36.3-Remote-Code-Execution.html
packetstormsecurity.com/files/167741/Sourcegraph-gitserver-sshCommand-Remote-Command-Execution.html
github.com/sourcegraph/sourcegraph/commit/c00d7c04d7da30a3ad052f53713f723e9d4e7cb3
github.com/sourcegraph/sourcegraph/pull/30833
github.com/sourcegraph/sourcegraph/security/advisories/GHSA-qcmp-fx72-q8q9
Related
cve
cve
CVE-2022-23642
2022-02-18 23:15:09
zdt
zdt
Sourcegraph gitserver sshCommand Remote Command Execution Exploit
2022-07-14 00:00:00
Sourcegraph Gitserver 3.36.3 - Remote Code Execution Exploit
2022-06-14 00:00:00
cvelist
cvelist
CVE-2022-23642 Code Injection in Sourcegraph
2022-02-18 22:15:11
nvd
nvd
CVE-2022-23642
2022-02-18 23:15:09
githubexploit
githubexploit
Exploit for Code Injection in Sourcegraph
2022-06-10 06:12:15
rapid7blog
rapid7blog
Metasploit Weekly Wrap-Up
2022-07-15 16:00:55
metasploit
metasploit
Sourcegraph gitserver sshCommand RCE
2022-07-05 20:58:22
osv
osv
CVE-2022-23642
2022-02-18 23:15:09
packetstorm
packetstorm
Sourcegraph gitserver sshCommand Remote Command Execution
2022-07-13 00:00:00
Sourcegraph Gitserver 3.36.3 Remote Code Execution
2022-06-20 00:00:00
checkpoint_advisories
checkpoint_advisories
Sourcegraph Command Injection (CVE-2022-23642)
2022-07-20 00:00:00
cnvd
cnvd
Sourcegraph code injection vulnerability
2022-02-22 00:00:00
prion
prion
Remote code execution
2022-02-18 23:15:00
exploitdb
exploitdb
Sourcegraph Gitserver 3.36.3 - Remote Code Execution (RCE)
2022-06-14 00:00:00