exploitDog

CVE-2022-41943

Опубликовано: 22 нояб. 2022

Источник: nvd

CVSS3: 9

CVSS3: 7.2

EPSS Низкий

Описание

sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental customGitFetch feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0.

Ссылки

https://github.com/sourcegraph/sourcegraph/pull/42704
Issue Tracking
Patch
Third Party Advisory
https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-4qhq-4x4h-fxm8
Third Party Advisory
https://github.com/sourcegraph/sourcegraph/pull/42704
Issue Tracking
Patch
Third Party Advisory
https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-4qhq-4x4h-fxm8
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:sourcegraph:sourcegraph:*:*:*:*:*:*:*:*

Версия до 4.1.0 (исключая)

EPSS

Процентиль: 49%

0.00255

Низкий

9 Critical

CVSS3

7.2 High

CVSS3

Дефекты

CWE-276

EPSS

Процентиль: 49%

0.00255

Низкий

9 Critical

CVSS3

7.2 High

CVSS3

Дефекты

CWE-276