CVE-2020-27986

2020-10-2822:57:20

mitre

www.cve.org

7.8 High

AI Score

Confidence

High

0.369 Low

EPSS

Percentile

97.2%

JSON

SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor’s position for SMTP and SVN is "it is the administrator’s responsibility to configure it.

References

csl.com.co/sonarqube-auditando-al-auditor-parte-i/