Accepted CVEs for Sourcegraph 5.1.2
| CVE ID | Affected Images | CVE Severity | CVSS Base Score | Sourcegraph Assessment | CVSS Environmental Score | Details |
|---|---|---|---|---|---|---|
| CVE-2023-32731 | caddy/caddy | High | 7.5 | Info | 0 | Caddy is used as a proxy for the Sourcegraph frontend in some deployment types, but this vulnerability is not exploitable as the frontend doesn’t accept gRPC requests. |
No known CVEs in Sourcegraph 5.1.2
Known False Positives
Some scanners incorrectly identify false positives in our images:
| Vulnerability ID | Affected Images | Note |
|---|---|---|
| CVE-2023-27561 | sourcegraph/cadvisor | False positive - this is patched in github.com/opencontainers/runc/libcontainer@v1.1.5 |
| CVE-2022-0543, CVE-2022-3734 | sourcegraph/redis-cache, sourcegraph/redis-store, sourcegraph/server | False positive - these vulnerabilities are specific to Windows and Debian releases |
| CVE-2022-31107, CVE-2022-31123, CVE-2022-31130, CVE-2022-39201 | sourcegraph/grafana, sourcegraph/server | False positive - these vulnerabilities have been patched by Chainguard |