Skip to main content

Sonarqube

6 CVEs product

Monthly

CVE-2024-47911 HIGH This Week

In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sonarqube
NVD
CVSS 3.1
7.2
EPSS
0.5%
CVE-2024-38460 Maven MEDIUM POC PATCH This Month

In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sonarqube
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2020-28002 MEDIUM POC This Month

In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sonarqube
NVD
CVSS 3.1
5.3
EPSS
1.1%
CVE-2020-27986 HIGH POC THREAT This Week

SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass Sonarqube
NVD
CVSS 3.1
7.5
EPSS
16.2%
CVE-2019-17579 MEDIUM PATCH This Month

SonarSource SonarQube before 7.8 has XSS in project links on account/projects. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sonarqube
NVD GitHub
CVSS 3.1
6.1
EPSS
0.7%
CVE-2018-19413 Maven MEDIUM PATCH This Month

A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sonarqube
NVD
CVSS 3.0
4.3
EPSS
1.1%
EPSS 0% CVSS 7.2
HIGH This Week

In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to. Rated high severity (CVSS 7.2), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Sonarqube
NVD
EPSS 0% CVSS 6.5
MEDIUM POC PATCH This Month

In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Sonarqube
NVD
EPSS 1% CVSS 5.3
MEDIUM POC This Month

In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Authentication Bypass Sonarqube
NVD
EPSS 16% CVSS 7.5
HIGH POC THREAT This Week

SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Gitlab Authentication Bypass Sonarqube
NVD
EPSS 1% CVSS 6.1
MEDIUM PATCH This Month

SonarSource SonarQube before 7.8 has XSS in project links on account/projects. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Cross-Site Scripting (XSS) vulnerability could allow attackers to inject malicious scripts into web pages viewed by other users.

XSS Sonarqube
NVD GitHub
EPSS 1% CVSS 4.3
MEDIUM PATCH This Month

A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure Sonarqube
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy