3 matches found
SonarSource SonarQube Server < 9.9.5 / 10.x < 10.5 GitHub Integration JWT Exfiltration (CVE-2024-47910)
The version of SonarSource SonarQube Server running on the remote host is prior to 9.9.5 or 10.x prior to 10.5. It is, therefore, affected by an information disclosure vulnerability: - A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to...
CVE-2024-47910
creationtimestamp| type| source ---|---|--- 2024-10-04 23:33:49+00:00| seen| https://t.me/cvedetector/7028...
CVE-2024-47910
The CVE describes an information-disclosure vulnerability in SonarSource SonarQube server pre-9.9.5 LTA and pre-10.5. Specifically, a user with Administrator privileges can modify an existing GitHub integration configuration to exfiltrate a pre-signed JWT. Affected versions: SonarQube before 9.9....