CVE-2022-31155

CVSS V2 None CVSS V3 Medium 4.3
Description
Sourcegraph is an opensource code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users’ saved searches, only overwriting them with attacker-controlled searches. The issue is patched in Sourcegraph version 3.41.0. There is no workaround for this issue and updating to a secure version is highly recommended.
Overview
  • CVE ID
  • CVE-2022-31155
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-08-01T19:15:08
  • Last Modified Date
  • 2022-08-08T14:43:06
Weakness Enumerations
CWE URL
CWE-863 http://cwe.mitre.org/data/definitions/863.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:sourcegraph:sourcegraph:*:*:*:*:*:*:*:* 1 OR 3.41.0
CVSS Version 3
  • Version
  • 3.1
  • Vector String
  • CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
  • Attack Vector
  • NETWORK
  • Attack Compatibility
  • LOW
  • Privileges Required
  • LOW
  • User Interaction
  • NONE
  • Scope
  • UNCHANGED
  • Confidentiality Impact
  • NONE
  • Availability Impact
  • NONE
  • Base Score
  • 4.3
  • Base Severity
  • MEDIUM
  • Exploitability Score
  • 2.8
  • Impact Score
  • 1.4
References
Reference URL Reference Tags
https://github.com/sourcegraph/sourcegraph/commit/2832d7882396a6295ba5803b5ef48dc7d5a24c59
https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-37qp-9jq6-f6mx
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-31155
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31155
History
Created Old Value New Value Data Type Notes
2022-08-01 20:00:30 Added to TrackCVE