CVE-2021-32787

Published: Aug 2, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads and indexes. It is not possible to alter the information, nor interact with any other features in the site-admin area. The issue is patched in version 3.30.0, where the information cannot be accessed by unprivileged users. There are no workarounds aside from upgrading.

Affected (1)

Products: Sourcegraph: Sourcegraph

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Sourcegraph Sourcegraph	Before 3.30.0

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (4)

https://github.com/sourcegraph/sourcegraph/commit/6e51f4546368d959a1f9f173d16e5f20c55deb56

Source: security-advisories@github.com

PatchThird Party Advisory

https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-mq5p-477h-xgwv

Source: security-advisories@github.com

Third Party Advisory

https://github.com/sourcegraph/sourcegraph/commit/6e51f4546368d959a1f9f173d16e5f20c55deb56

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-mq5p-477h-xgwv

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.