github.com/sourcegraph/sourcegraph is vulnerable to side channel attack. The attack is possible because the library does not properly exclude the private source code search results in ‘search_results.go’ , allowing an authenticated attacker to check specific string and API keys exists in private source code by using saved searches or code monitors.
CPE | Name | Operator | Version |
---|---|---|---|
github.com/sourcegraph/sourcegraph | le | v3.33.1 | |
github.com/sourcegraph/sourcegraph | le | v3.33.1 |