CVE-2022-31154
First published: Mon Aug 01 2022(Updated: )
Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able to read contents of existing code monitors, only override the data. The issue is fixed in Sourcegraph 3.42. There are no workaround for the issue and patching is highly recommended.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Sourcegraph Sourcegraph | <3.42.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2022-31154?
CVE-2022-31154 is a vulnerability in Sourcegraph, an open-source code search and navigation engine, that allows an authenticated user to edit Code Monitors owned by other users.
How severe is CVE-2022-31154?
CVE-2022-31154 has a severity rating of 4.3, which is considered medium.
How can an attacker exploit CVE-2022-31154?
An attacker can exploit CVE-2022-31154 by editing the trigger and action of Code Monitors owned by other users on Sourcegraph.
What software is affected by CVE-2022-31154?
Sourcegraph versions up to and excluding 3.42.0 are affected by CVE-2022-31154.
How can CVE-2022-31154 be fixed?
To fix CVE-2022-31154, users should update Sourcegraph to version 3.42.0 or later.
- collector/nvd-index
- vendor/sourcegraph
- canonical/sourcegraph sourcegraph