Synced 16 Jun 2026 15:24 UTC Account
← All products

CVE-2021-32787

LOW severity · CVSS 3.1 · Information disclosure
3.1CVSS LOW

Summary

Sourcegraph is a code search and navigation engine. Sourcegraph before version 3.30.0 has two potential information leaks. The site-admin area can be accessed by regular users and all information and features are properly protected except for daily usage statistics and code intelligence uploads and indexes. It is not possible to alter the information, nor interact with any other features in the site-admin area. The issue is patched in version 3.30.0, where the information cannot be accessed by unprivileged users. There are no workarounds aside from upgrading.

Impact & exploitability

Attack vectorNetwork
Attack complexityHigh
Privileges requiredLow
User interactionNone
Confidentiality impactLow
Integrity impactNone
Availability impactNone
Exploit probability (EPSS)1%

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Affected products we track (1)

Sourcegraph

Recommendation

Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.

Official patch: https://github.com/sourcegraph/sourcegraph/commit/6e51f4546368d959a1f9f173d16e5f20c55deb56 ↗

Additional information