Sourcegraph is an opensource code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users’ saved searches, only overwriting them with attacker-controlled searches. The issue is patched in Sourcegraph version 3.41.0. There is no workaround for this issue and updating to a secure version is highly recommended.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NSourcegraph
APPSourcegraph< 3.41.0
Related vulnerabilities
sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on ...
Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability exis...
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote ...
Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegrap...
Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable ...