Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Indirect Object Access in Sourcegraph Code Monitoring
Vulnerability Description
Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able to read contents of existing code monitors, only override the data. The issue is fixed in Sourcegraph 3.42. There are no workaround for the issue and patching is highly recommended.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
Vulnerability Type
授权机制不正确
Vulnerability Title
Sourcegraph 安全漏洞
Vulnerability Description
Sourcegraph是美国Sourcegraph公司的一款开源的代码搜索和导航工具。engine是一个 GOST 加密算法的 OpenSSL 参考实现。 Sourcegraph 3.42之前版本存在安全漏洞,该漏洞源于经过身份验证的 Sourcegraph 用户可以编辑任何其他 Sourcegraph 用户拥有的代码监视器,这包括能够编辑相关监视器的触发器和操作。
CVSS Information
N/A
Vulnerability Type
N/A