{"containers": {"cna": {"affected": [{"product": "sourcegraph", "vendor": "sourcegraph", "versions": [{"status": "affected", "version": "< 3.41.0"}]}], "descriptions": [{"lang": "en", "value": "Sourcegraph is an opensource code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users\u2019 saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users\u2019 saved searches, only overwriting them with attacker-controlled searches. The issue is patched in Sourcegraph version 3.41.0. There is no workaround for this issue and updating to a secure version is highly recommended."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-01T18:40:28", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-37qp-9jq6-f6mx"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/sourcegraph/sourcegraph/commit/2832d7882396a6295ba5803b5ef48dc7d5a24c59"}], "source": {"advisory": "GHSA-37qp-9jq6-f6mx", "discovery": "UNKNOWN"}, "title": "Unauthorized overwriting of saved searches in Sourcegraph", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-31155", "STATE": "PUBLIC", "TITLE": "Unauthorized overwriting of saved searches in Sourcegraph"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "sourcegraph", "version": {"version_data": [{"version_value": "< 3.41.0"}]}}]}, "vendor_name": "sourcegraph"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Sourcegraph is an opensource code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users\u2019 saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users\u2019 saved searches, only overwriting them with attacker-controlled searches. The issue is patched in Sourcegraph version 3.41.0. There is no workaround for this issue and updating to a secure version is highly recommended."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-863: Incorrect Authorization"}]}]}, "references": {"reference_data": [{"name": "https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-37qp-9jq6-f6mx", "refsource": "CONFIRM", "url": "https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-37qp-9jq6-f6mx"}, {"name": "https://github.com/sourcegraph/sourcegraph/commit/2832d7882396a6295ba5803b5ef48dc7d5a24c59", "refsource": "MISC", "url": "https://github.com/sourcegraph/sourcegraph/commit/2832d7882396a6295ba5803b5ef48dc7d5a24c59"}]}, "source": {"advisory": "GHSA-37qp-9jq6-f6mx", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T07:11:39.805Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-37qp-9jq6-f6mx"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/sourcegraph/sourcegraph/commit/2832d7882396a6295ba5803b5ef48dc7d5a24c59"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-31155", "datePublished": "2022-08-01T18:40:28", "dateReserved": "2022-05-18T00:00:00", "dateUpdated": "2024-08-03T07:11:39.805Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sourcegraph:sourcegraph:*:*:*:*:*:*:*:*", "matchCriteriaId": "14A4E178-28C9-4AC6-B1C3-8F66EF3DC4FD", "versionEndExcluding": "3.41.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Sourcegraph is an opensource code search and navigation engine. In Sourcegraph versions before 3.41.0, it is possible for an attacker to delete other users\u2019 saved searches due to a bug in the authorization check. The vulnerability does not allow the reading of other users\u2019 saved searches, only overwriting them with attacker-controlled searches. The issue is patched in Sourcegraph version 3.41.0. There is no workaround for this issue and updating to a secure version is highly recommended."}, {"lang": "es", "value": "Sourcegraph es un motor de b\u00fasqueda y navegaci\u00f3n de c\u00f3digo abierto. En Sourcegraph versiones anteriores a 3.41.0, es posible que un atacante borre las b\u00fasquedas guardadas de otros usuarios debido a un error en la comprobaci\u00f3n de la autorizaci\u00f3n. La vulnerabilidad no permite leer las b\u00fasquedas guardadas de otros usuarios, s\u00f3lo sobrescribirlas con b\u00fasquedas controladas por el atacante. El problema est\u00e1 parcheado en Sourcegraph versi\u00f3n 3.41.0. No se presenta una mitigaci\u00f3n para este problema y es recomendado encarecidamente la actualizaci\u00f3n a una versi\u00f3n segura"}], "id": "CVE-2022-31155", "lastModified": "2024-11-21T07:04:00.980", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-01T19:15:08.270", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/sourcegraph/sourcegraph/commit/2832d7882396a6295ba5803b5ef48dc7d5a24c59"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-37qp-9jq6-f6mx"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/sourcegraph/sourcegraph/commit/2832d7882396a6295ba5803b5ef48dc7d5a24c59"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-37qp-9jq6-f6mx"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}