| CVE / Advisory | Affected images | Severity | CVSS | Assessed severity | Assessed score | Assessment |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-45142 | | High | 7.5 | Medium | 5.7 | There is currently no patched version of Caddy available that resolves this issue. We will update once the patch is available. The instances are not typically exposed on the internet, so the likelihood of exploitation is low. This issue only has a potential impact on the availability of the Caddy service. |
| CVE-2023-45853 | sourcegraph/github-proxy | Critical | 9.8 | Medium | 4.7 | This vulnerability affects the zlib library used for handling zip files. The issue is not present in Sourcegraph, as the application does not accept zip files as part of the request. |
| CVE-2023-39325 | | High | 7.5 | Medium | 4.7 | The services that are vulnerable to this issue are typically not exposed on the internet. The likelihood of exploitation is low and this does not have a significant impact on the security of the instance. The issue is not present in Sourcegraph itself. |
| CVE-2023-45142 | sourcegraph/dind | High | 7.5 | Medium | 4.0 | We are not vulnerable to the ‘DoS vulnerability in otelhttp’ because sourcegraph/dind is not exposed to attackers and is only reachable through direct access to the infrastructure. |
| CVE-2023-39325 | caddy, sourcegraph/executor-kubernetes, sourcegraph/dind, sourcegraph/executor, sourcegraph/bundled-executor | High | 7.5 | Medium | 4.7 | The services that are vulnerable to this issue are typically not exposed on the internet. The likelihood of exploitation is low and this does not have a significant impact on the security of the instance. The issue is not present in Sourcegraph itself. |
| GHSA-M425-MQ94-257G | caddy, sourcegraph/executor-kubernetes, sourcegraph/dind, sourcegraph/executor, sourcegraph/bundled-executor | High | NVD had no metrics available at this time | | | We are not vulnerable to the ‘gRPC-Go HTTP/2 Rapid Reset vulnerability’ because we do not expose these services directly to the internet; they are only reachable through direct access to the infrastructure. |