CVE-2021-32787

Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads and indexes. It is not possible to alter the information, nor interact with any other features in the site-admin area. The issue is patched in version 3.30.0, where the information cannot be accessed by unprivileged users. There are no workarounds aside from upgrading.
Configurations

Configuration 1 (hide)

cpe:2.3:a:sourcegraph:sourcegraph:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:07

Type Values Removed Values Added
CVSS v2 : 4.0
v3 : 4.3
v2 : 4.0
v3 : 3.1
References () https://github.com/sourcegraph/sourcegraph/commit/6e51f4546368d959a1f9f173d16e5f20c55deb56 - Patch, Third Party Advisory () https://github.com/sourcegraph/sourcegraph/commit/6e51f4546368d959a1f9f173d16e5f20c55deb56 - Patch, Third Party Advisory
References () https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-mq5p-477h-xgwv - Third Party Advisory () https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-mq5p-477h-xgwv - Third Party Advisory

Information

Published : 2021-08-02 22:15

Updated : 2024-11-21 06:07


NVD link : CVE-2021-32787

Mitre link : CVE-2021-32787

CVE.ORG link : CVE-2021-32787


JSON object : View

Products Affected

sourcegraph

  • sourcegraph
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo