Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Incorrect default permissions found in Sourcegraph
Vulnerability Description
sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental `customGitFetch` feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:L
Vulnerability Type
缺省权限不正确
Vulnerability Title
Sourcegraph 安全漏洞
Vulnerability Description
Sourcegraph是美国Sourcegraph公司的一款开源的代码搜索和导航工具。 Sourcegraph 4.1.0之前版本存在安全漏洞,该漏洞源于当站点管理员启用实验性的“customGitFetch”功能时,可以在 Gitserver 上执行任意命令。
CVSS Information
N/A
Vulnerability Type
N/A