3 matches found
CVE-2020-28002
In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting public and private projects via the /api/ce/submit endpoint...
CVE-2020-28002
In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting public and private projects via the /api/ce/submit endpoint...
CVE-2020-28002
CVE-2020-28002 affects SonarQube 8.4.2.36762. An external attacker can bypass authentication by supplying an empty value to -D sonar.login, forcing anonymous authentication and enabling creation/overwriting of both public and private projects via the /api/ce/submit endpoint. The NVD metrics indic...