Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Low risk information disclosure in Sourcegraph
Vulnerability Description
Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads and indexes. It is not possible to alter the information, nor interact with any other features in the site-admin area. The issue is patched in version 3.30.0, where the information cannot be accessed by unprivileged users. There are no workarounds aside from upgrading.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Sourcegraph 信息泄露漏洞
Vulnerability Description
Sourcegraph是美国Sourcegraph公司的一款开源的代码搜索和导航工具。 Sourcegraph存在安全漏洞,该漏洞源于网站管理区域可以被普通用户访问,除日常使用统计数据和代码智能上传和索引外,所有信息和功能都得到了适当的保护。不可能更改信息,也不可能与站点管理区域中的任何其他功能交互。
CVSS Information
N/A
Vulnerability Type
N/A