cvelist/2022/31xxx/CVE-2022-31155.json
advisory-database[bot] 16cf583e96
Add CVE-2022-31155 for GHSA-37qp-9jq6-f6mx
2022-08-01 18:36:06 +00:00



{
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-31155",
"STATE": "PUBLIC",
"TITLE": "Unauthorized overwriting of saved searches in Sourcegraph"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "sourcegraph",
"version": {
"version_data": [
{
"version_value": "< 3.41.0"
}
]
}
}
]
},
"vendor_name": "sourcegraph"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Sourcegraph is an open-source code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users' saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users' saved searches, only overwriting them with attacker-controlled searches. The issue is patched in Sourcegraph version 3.41.0. There is no workaround for this issue, and updating to a secure version is highly recommended."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-863: Incorrect Authorization"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-37qp-9jq6-f6mx",
"refsource": "CONFIRM",
"url": "https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-37qp-9jq6-f6mx"
},
{
"name": "https://github.com/sourcegraph/sourcegraph/commit/2832d7882396a6295ba5803b5ef48dc7d5a24c59",
"refsource": "MISC",
"url": "https://github.com/sourcegraph/sourcegraph/commit/2832d7882396a6295ba5803b5ef48dc7d5a24c59"
}
]
},
"source": {
"advisory": "GHSA-37qp-9jq6-f6mx",
"discovery": "UNKNOWN"
}
}