Main Vulnerability Database SB2022082906

SB2022082906 - Improper Authorization in Sourcegraph

Published: August 29, 2022

Security Bulletin ID SB2022082906

Severity

Low

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Data manipulation

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Improper Authorization (CVE-ID: CVE-2022-31154)

The vulnerability allows a remote attacker to bypass authorization checks.

The vulnerability exists due to an incorrect authorization check in Sourcegraph Code Monitoring. A remote user can edit the trigger and the action of the monitor in question.

Remediation

Install update from vendor's website.

References

https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-5866-hhq9-9hpc
https://github.com/sourcegraph/sourcegraph/pull/37526