4 matches found
SonarSource SonarQube Authentication Bypass Vulnerability
SonarSource SonarQube is an open source code quality management system from SonarSource Switzerland. An authentication bypass vulnerability exists in SonarQube version 8.4.2.36762, which allows an external attacker to bypass authentication via SonarScanner to create and overwrite public...
SonarSource SonarQube Information Disclosure Vulnerability (CNVD-2020-64787)
SonarSource SonarQube is an open source code quality management system from SonarSource Switzerland. An information disclosure vulnerability exists in SonarQube version 8.4.2.36762, which can be exploited by an attacker to discover plaintext SMTP, SVN, and GitLab credentials via an api set value...
CVE-2020-27986
SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it...
PT-2020-16890 · Sonarsource · Sonarqube
Name of the Vulnerable Software and Affected Versions: SonarQube version 8.4.2.36762 Description: The issue allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the "api/settings/values" URI. The vendor's position is that it is the administrator's responsibility to...