4 matches found
CVE-2020-27986
SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it...
VulnCheck KEV: CVE-2020-27986
SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it...
CVE-2020-27986
creationtimestamp| type| source ---|---|--- 2020-10-29 01:33:09+00:00| seen| https://t.me/cibsecurity/15703 2021-05-10 02:45:38+00:00| seen| https://t.me/pwnwikizhchannel/394 2024-11-12 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities - 2024-11-12 2024-11-17...
CVE-2020-27986
The CVE-2020-27986 entry applies to SonarQube 8.4.2.36762, where remote attackers can discover cleartext credentials (SMTP, SVN, GitLab) via the api/settings/values URI. The connected nuclei template explicitly calls this an authentication-related exposure, and related sources reiterate plaintext...