Impact
Sourcegraph before version 3.30.0 has two potential information leaks. Regular users can access the site-admin area, where all information and features are properly protected except for:
- Daily Usage statistics
- Code intelligence uploads and indexes
It is not possible to alter the information or to interact with any other features in the site-admin area.
Patches
The issue is patched in version 3.30.0, in which unprivileged users can no longer access this information. We may work on further defenses as defense-in-depth.
Workarounds
There are no workarounds; we recommend upgrading to the latest release.
For more information
If you have any questions or comments about this advisory:
Credit
Thanks to N. Shanmuga Bharathi for reporting this vulnerability through Sourcegraph's Bug Bounty Program.