Executive Summary
| Informations | |||
|---|---|---|---|
| Name | CVE-2022-31154 | First vendor Publication | 2022-08-01 |
| Vendor | Cve | Last vendor Modification | 2022-08-08 |
Security-Database Scoring CVSS v3
| Cvss vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | |||
|---|---|---|---|
| Overall CVSS Score | 4.3 | ||
| Base Score | 4.3 | Environmental Score | 4.3 |
| impact SubScore | 1.4 | Temporal Score | 4.3 |
| Exploitabality Sub Score | 2.8 | ||
| Attack Vector | Network | Attack Complexity | Low |
| Privileges Required | Low | User Interaction | None |
| Scope | Unchanged | Confidentiality Impact | None |
| Integrity Impact | Low | Availability Impact | None |
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : | |||
|---|---|---|---|
| Cvss Base Score | N/A | Attack Range | N/A |
| Cvss Impact Score | N/A | Attack Complexity | N/A |
| Cvss Expoit Score | N/A | Authentication | N/A |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able to read contents of existing code monitors, only override the data. The issue is fixed in Sourcegraph 3.42. There are no workaround for the issue and patching is highly recommended. |
Original Source
| Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-31154 |
CPE : Common Platform Enumeration
| Type | Description | Count |
|---|---|---|
| Application | 1 |
Sources (Detail)
| Source | Url |
|---|---|
| CONFIRM | https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-5866-hhq9... |
| MISC | https://github.com/sourcegraph/sourcegraph/pull/37526 |
Alert History
| Date | Informations |
|---|---|
| 2022-08-08 21:27:14 |
|
| 2022-08-02 17:27:09 |
|
| 2022-08-02 00:27:11 |
|
