HIGH🇬🇧 English

CVE-2022-41942

CVSS 7.9v3.1pub. 2022-11-22upd. 2024-11-21

Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the `/list-gitolite` endpoint. It was possible to send a crafted request to gitserver that would execute commands inside the container. Successful exploitation requires the ability to send local requests to gitserver. The issue is patched in version 4.1.0.

oryginał EN
CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
  • Sourcegraph

    APP
    Sourcegraph
    < 4.1.0
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
ContainerCommand Injection
CWE
Referencje

Powiązane podatności

CVE-2022-41943CRITICAL9.0ten sam produkt

sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on ...

CVE-2022-23642HIGH8.8ten sam produkt

Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote ...

CVE-2022-31155MEDIUM4.3ten sam produkt

Sourcegraph is an opensource code search and navigation engine. In Sourcegraph versions before 3.41.0, it is p...

CVE-2022-31154MEDIUM6.4ten sam produkt

Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegrap...

CVE-2022-29171MEDIUM6.6ten sam produkt

Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable ...