What is CVE-2021-43823?

CVE-2021-43823 is a vulnerability in Sourcegraph that allows an authenticated but unauthorized actor to guess strings in private source code.

What is the severity of CVE-2021-43823?

The severity of CVE-2021-43823 is medium with a CVSS score of 6.5.

How can an attacker exploit CVE-2021-43823?

An attacker can exploit CVE-2021-43823 by using a side-channel attack to guess strings in private source code.

How can I fix CVE-2021-43823?

To fix CVE-2021-43823, upgrade Sourcegraph to version 3.33.2 or later.

Vulnerability/
CVE-2021-43823

medium

6.5

CWE

203 200

13/12/2021

16/12/2021

CVE-2021-43823: Infoleak

Q: How does CVE-2021-43823 affect Sourcegraph?

CVE-2021-43823 affects the Saved Searches and Code Monitoring features of Sourcegraph.

First published: Mon Dec 13 2021(Updated: )

Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.33.2 is vulnerable to a side-channel attack where strings in private source code could be guessed by an authenticated but unauthorized actor. This issue affects the Saved Searches and Code Monitoring features. A successful attack would require an authenticated bad actor to create many Saved Searches or Code Monitors to receive confirmation that a specific string exists. This could allow an attacker to guess formatted tokens in source code, such as API keys. This issue was patched in version 3.33.2 and any future versions of Sourcegraph. We strongly encourage upgrading to secure versions. If you are unable to, you may disable Saved Searches and Code Monitors.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Sourcegraph Sourcegraph	<3.33.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2021-43823?
CVE-2021-43823 is a vulnerability in Sourcegraph that allows an authenticated but unauthorized actor to guess strings in private source code.
How does CVE-2021-43823 affect Sourcegraph?
CVE-2021-43823 affects the Saved Searches and Code Monitoring features of Sourcegraph.
What is the severity of CVE-2021-43823?
The severity of CVE-2021-43823 is medium with a CVSS score of 6.5.
How can an attacker exploit CVE-2021-43823?
An attacker can exploit CVE-2021-43823 by using a side-channel attack to guess strings in private source code.
How can I fix CVE-2021-43823?
To fix CVE-2021-43823, upgrade Sourcegraph to version 3.33.2 or later.

collector/nvd-index
agent/severity
agent/weakness
agent/references
agent/author
agent/type
agent/tags
agent/description
agent/event
agent/softwarecombine
agent/last-modified-date
agent/remedy
vendor/sourcegraph
canonical/sourcegraph sourcegraph

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.