MEDIUM🇵🇱 Wersja polska

CVE-2022-31155

CVSS 4.3v3.1pub. 2022-08-01upd. 2024-11-21

Sourcegraph is an opensource code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users’ saved searches, only overwriting them with attacker-controlled searches. The issue is patched in Sourcegraph version 3.41.0. There is no workaround for this issue and updating to a secure version is highly recommended.

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  • Sourcegraph

    APP
    Sourcegraph
    < 3.41.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2022-41943CRITICAL9.0ten sam produkt

sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on ...

CVE-2022-41942HIGH7.9ten sam produkt

Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability exis...

CVE-2022-23642HIGH8.8ten sam produkt

Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote ...

CVE-2022-31154MEDIUM6.4ten sam produkt

Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegrap...

CVE-2022-29171MEDIUM6.6ten sam produkt

Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable ...