Accepted CVEs for Sourcegraph 5.1.2

CVE IDAffected ImagesCVE SeverityCVSS Base ScoreSourcegraph AssessmentCVSS Environmental ScoreDetails
CVE-2023-32731caddy/caddyHigh7.5Info0Caddy is used as a proxy for the Sourcegraph frontend in some deployment types, but this vulnerability is not exploitable as the frontend doesn’t accept gRPC requests.

No known CVEs in Sourcegraph 5.1.2

Known False Positives

Some scanners incorrectly identify false positives in our images:

Vulnerability IDAffected ImagesNote
CVE-2023-27561sourcegraph/cadvisorFalse positive - this is patched in
CVE-2022-0543, CVE-2022-3734sourcegraph/redis-cache, sourcegraph/redis-store, sourcegraph/serverFalse positive - these vulnerabilities are specific to Windows and Debian releases
CVE-2022-31107, CVE-2022-31123, CVE-2022-31130, CVE-2022-39201sourcegraph/grafana, sourcegraph/serverFalse positive - these vulnerabilities have been patched by Chainguard