PT-2022-20569 · Sourcegraph · Sourcegraph

Published: 2022-08-01 · Updated: 2022-08-08 · CVE-2022-31154

CVSS v3.1: 6.4 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Name of the Vulnerable Software and Affected Versions: Sourcegraph versions prior to 3.42

Description: The issue allows an authenticated Sourcegraph user to edit Code Monitors owned by any other Sourcegraph user, including editing the trigger and action of the monitor. However, an attacker cannot read the contents of existing code monitors, only override the data.

Recommendations: Update versions prior to 3.42 to Sourcegraph 3.42 to resolve the issue. Patching is highly recommended, and there are no available workarounds.

Exploit

Fix

Incorrect Authorization

Weakness Enumeration

Related Identifiers

CVE-2022-31154
GHSA-5866-HHQ9-9HPC

Affected Products

Sourcegraph