Impact
In Sourcegraph versions before 3.41.0, an attacker can delete other users’ saved searches due to a bug in the authorization check. The vulnerability does not allow reading other users’ saved searches, only overwriting them with attacker-controlled searches.
Patches
The issue is patched in Sourcegraph version 3.41.0.
Workarounds
There is no workaround for this issue; updating to a secure version is highly recommended.
References
For more information
If you have any questions or comments about this advisory: