3 matches found
com.devonfw.tools:sonar-devon-plugin (=3.0.0), com.devonfw.tools:sonar-devon4j-plugin (=3.2.0) +124 more potentially affected by CVE-2018-19413 via org.sonarsource.sonarqube:sonar-plugin-api (>=5.2 <=7.4-alpha2)
org.sonarsource.sonarqube:sonar-plugin-api MAVEN version =5.2, =0.1.0, =2.0.0, =2.0.0, =1.0.0, =1.0.0, =3.7.0, =2.0.0, =3.0.0, =1.0, =1.0, =1.0, =1.7 and more Source cves: CVE-2018-19413 Source advisory: OSV:GHSA-M643-2PFV-XWM8...
CVE-2018-19413
A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the...
CVE-2018-19413
CVE-2018-19413 affects the SonarSource SonarQube API. An authenticated non-admin user could access the externalIdentity field due to improperly configured access controls, enabling disclosure of valid user login names. Affected versions include SonarQube up to 7.4 (and 7.5+ fixes referenced in re...