CVE-2021-32787 LOW

CVE-2021-32787: Low risk information disclosure in Sourcegraph

Vendor Sourcegraph
Product sourcegraph
Weakness CWE-200 · Info exposure
Published August 2, 2021
Last update August 3, 2024

CVSS base score

3.1/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads and indexes. It is not possible to alter the information, nor interact with any other features in the site-admin area. The issue is patched in version 3.30.0, where the information cannot be accessed by unprivileged users. There are no workarounds aside from upgrading.

Key dates

02Disclosure timeline

August 2, 2021 CVE published
August 3, 2024 Record updated