HIGH🇵🇱 Wersja polska

CVE-2022-41942

CVSS 7.9v3.1pub. 2022-11-22upd. 2024-11-21

Sourcegraph is a code intelligence platform. In versions prior to 4.1.0 a command Injection vulnerability existed in the gitserver service, present in all Sourcegraph deployments. This vulnerability was caused by a lack of input validation on the host parameter of the `/list-gitolite` endpoint. It was possible to send a crafted request to gitserver that would execute commands inside the container. Successful exploitation requires the ability to send local requests to gitserver. The issue is patched in version 4.1.0.

CVSS Vector
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L
  • Sourcegraph

    APP
    Sourcegraph
    < 4.1.0
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
Tags
ContainerCommand Injection
CWE
References

Related vulnerabilities

CVE-2022-41943CRITICAL9.0ten sam produkt

sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on ...

CVE-2022-23642HIGH8.8ten sam produkt

Sourcegraph is a code search and navigation engine. Sourcegraph prior to version 3.37 is vulnerable to remote ...

CVE-2022-31155MEDIUM4.3ten sam produkt

Sourcegraph is an opensource code search and navigation engine. In Sourcegraph versions before 3.41.0, it is p...

CVE-2022-31154MEDIUM6.4ten sam produkt

Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegrap...

CVE-2022-29171MEDIUM6.6ten sam produkt

Sourcegraph is a fast and featureful code search and navigation engine. Versions before 3.38.0 are vulnerable ...