Critical
CVE-2022-41943
sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental `customGitFetch` feature was enabled. This experimental f…
Tag: Sourcegraph
All CVEs associated with "Sourcegraph". Page 1/1 • 10 CVEs.
About “Sourcegraph”
A curated feed of “Sourcegraph”-related CVEs appears below. We currently track 10 CVEs for this tag (all time). In the last 365 days, 0 were published. Average CVSS is 6.5 (all time), and 30% are rated High/Critical (all time). Top CWEs (all time): CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor, CWE-863 - Incorrect Authorization, CWE-276 - Incorrect Default Permissions.
In our taxonomy this topic maps to a MODERATE impact class. Developer and CI or CD tooling touches supply chains and secrets. Patch controllers and agents, enforce SSO or MFA, rotate tokens, isolate runners, and audit plugins. Use the filters below to sort by CVSS, risk and CWE. Each detail page highlights vendor advisories and mitigation tips.
Support & lifecycle: sourcegraph
This table shows recent release cycles and their projected end-of-life. Data source: endoflife.date.
| Cycle | Release | Latest | EOL | LTS |
|---|---|---|---|---|
| 7 | 7.3.2527 | - | ||
| 6 | 6.12.5040 | - | ||
| 5 | 5.11.6271 | Expired | ||
| 4 | 4.5.1 | Expired |
Maintained Soon (≤ 180 days) Expired
Subscribe lifecycle: RSS (expired) · ICS
Subscribe CVEs: RSS for “Sourcegraph” · RSS (High+Critical only)
CVEs tagged with this topic. Filters apply to the whole list (loaded from JSON).
CVSS ≥ 0.0
2022-11-22
High
CVE-2022-41942
Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability…
2022-08-01
Medium
CVE-2022-31155
Sourcegraph is an opensource code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users’ saved searches due to a bug in the authori…
Medium
CVE-2022-31154
Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being…
2022-05-06
Medium
CVE-2022-29171
Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable to Remote Code Execution in the gitserver service. The Gitolite code host integration wit…
2022-02-18
High
CVE-2022-23642
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote code execution in the `gitserver` service. The service acts as a git exec proxy, and fail…
2022-02-15
Medium
CVE-2022-23643
Sourcegraph is a code search and navigation engine. Sourcegraph versions 3.35 and 3.36 reintroduced a previously fixed side-channel vulnerabilitity in the Code Monitoring feature where strings in pri…
2021-12-13
Medium
CVE-2021-43823
Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticate…
2021-08-02
Low
CVE-2021-32787
Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and…
2020-04-30
Medium
CVE-2020-12283
Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com su…