Vulnerability Information
Vulnerability Title
Unauthorized overwriting of saved searches in Sourcegraph
Vulnerability Description
Sourcegraph is an open-source code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users’ saved searches, only overwriting them with attacker-controlled searches. The issue is patched in Sourcegraph version 3.41.0. There is no workaround for this issue, and updating to a secure version is highly recommended.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Vulnerability Type
Incorrect authorization
Vulnerability Title
Sourcegraph security vulnerability
Vulnerability Description
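Sourcegraph is an open-source code search and navigation tool from the US company Sourcegraph. Sourcegraph versions before 3.42 contain a security vulnerability that stems from an error in the authorization check; an attacker may be able to delete other users' saved searches.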
CVSS Information
N/A
Vulnerability Type
N/A