CVE-2020-12283
N/A
N/A
Summary
Sourcegraph before 3.15.1 has a vulnerable authentication workflow because of improper validation in the SafeRedirectURL method in cmd/frontend/auth/redirect.go, such as for the //foo//example.com substring.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | n/a | n/a | affected |
Weaknesses
- n/a
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/sourcegraph/sourcegraph/pull/10167
- https://github.com/sourcegraph/sourcegraph/compare/v3.15.0…v3.15.1
- https://github.com/sourcegraph/sourcegraph/commit/c0f48172e815c7f66471a38f0a06d1fc32a77a64
- https://github.com/sourcegraph/sourcegraph/blob/master/CHANGELOG.md
- https://securitylab.github.com/advisories/GHSL-2020-085-sourcegraph
References
- https://github.com/sourcegraph/sourcegraph/pull/10167
- https://github.com/sourcegraph/sourcegraph/compare/v3.15.0…v3.15.1
- https://github.com/sourcegraph/sourcegraph/commit/c0f48172e815c7f66471a38f0a06d1fc32a77a64
- https://github.com/sourcegraph/sourcegraph/blob/master/CHANGELOG.md
- https://securitylab.github.com/advisories/GHSL-2020-085-sourcegraph
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.