Home > Vulnerability Database > CVE-2022-31154

Mend.io Vulnerability Database

CVE-2022-31154

Good to know:

Date: August 1, 2022

Sourcegraph is an opensource code search and navigation engine. It is possible for an authenticated Sourcegraph user to edit the Code Monitors owned by any other Sourcegraph user. This includes being able to edit both the trigger and the action of the monitor in question. An attacker is not able to read contents of existing code monitors, only override the data. The issue is fixed in Sourcegraph 3.42. There are no workaround for the issue and patching is highly recommended.

Language: Go

Severity Score

6.4

Related Resources (4)

Url: https://github.com/sourcegraph/sourcegraph/pull/37526

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-31154

Url: https://github.com/sourcegraph/sourcegraph/security/advisories/GHSA-5866-hhq9-9hpc

Url: https://www.mend.io/vulnerability-database/CVE-2022-31154

Severity Score

6.4

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version v3.42.0

Learn More

CVSS v3.1

Base Score:	6.4
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2022-31154

Good to know:

Date: August 1, 2022

Language: Go

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?