Skip to content
This repository has been archived by the owner on Sep 30, 2024. It is now read-only.

Unauthorized overwriting of saved searches in Sourcegraph

Moderate
ferozsalam published GHSA-37qp-9jq6-f6mx Jul 26, 2022

Package

gomod Sourcegraph (Go)

Affected versions

< 3.41.0

Patched versions

3.41.0

Description

Impact

In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users’ saved searches, only overwriting them with attacker-controlled searches.

Patches

The issue is patched in Sourcegraph version 3.41.0.

Workarounds

There is no workaround for this issue and updating to a secure version is highly recommended.

References

For more information

If you have any questions or comments about this advisory:

Severity

Moderate

CVE ID

CVE-2022-31155

Weaknesses