CVE-2022-41943

HIGH Year: 2022
CVSS v3 Score
7.2
High
Weakness Type
CWE-276
View all →

Vulnerability Description

sourcegraph is a code intelligence platform. As a site admin it was possible to execute arbitrary commands on Gitserver when the experimental `customGitFetch` feature was enabled. This experimental feature has now been disabled by default. This issue has been patched in version 4.1.0.

Related Vulnerabilities

CVE-2018-17860

HIGH
CVSS:7.2(High)

Cloudera CDH has Insecure Permissions because ALL cannot be revoked.This affects 5.x through 5.15.1 and 6.x through 6.0.1.

CWE-2762018

CVE-2018-6683

HIGH
CVSS:7.2(High)

Exploiting Incorrectly Configured Access Control Security Levels vulnerability in McAfee Data Loss Prevention (DLP) for Windows versions prior to 10.0.505 and 11.0.405 allows local users to bypass DLP...

CWE-2762018

CVE-2019-16185

HIGH
CVSS:7.2(High)

In Limesurvey before 3.17.14, admin users can view, update, or delete reserved menu entries without proper permissions.

CWE-2762019

CVE-2019-16186

HIGH
CVSS:7.2(High)

In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions.

CWE-2762019

CVE-2021-21736

HIGH
CVSS:7.2(High)

A smart camera product of ZTE is impacted by a permission and access control vulnerability. Due to the defect of user permission management by the cloud-end app, users whose sharing permissions have b...

CWE-2762021

CVE-2021-22311

HIGH
CVSS:7.2(High)

There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow ce...

CWE-2762021