SonarQube - Authentication Bypass

SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. id: CVE-2020-27986 info: name: SonarQube - Authentication Bypass author: pikpikcu severity: high description: | SonarQube 8.4.2.36762 allows remote attackers to...

CLEANSTART-2026-QW49365 Allocation of Resources Without Limits or Throttling (CWE-770) in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation (CAPEC-130) causing a persistent denial o...

Multiple security vulnerabilities affect the sonarqube package. Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can allow a low-privileged authenticated user to cause Excessive Allocation CAPEC-130 causing a persistent denial of service OOM crash via submission of...

CVE-2026-3816

A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function inputzip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploi...

EUVD-2026-10325

A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function inputzip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploi...

CVE-2026-3816

A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function inputzip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploi...

CVE-2026-3816 OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service

A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function inputzip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploi...

CVE-2026-3816

The CVE-2026-3816 affects OWASP DefectDojo

CVE-2026-3816 OWASP DefectDojo SonarQubeParser/MSDefenderParser parser.py input_zip.read denial of service

A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function inputzip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploi...

CVE-2026-3816

A security vulnerability has been detected in OWASP DefectDojo up to 2.55.4. This vulnerability affects the function inputzip.read of the file parser.py of the component SonarQubeParser/MSDefenderParser. The manipulation leads to denial of service. The attack can be initiated remotely. The exploi...

CVE-2020-37020

SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges...

CVE-2020-37020

SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges...

CVE-2020-37020

CVE-2020-37020 affects SonarQube 8.3.1 and describes an unquoted service path vulnerability in the service executable path. According to the provided description, local attackers can gain SYSTEM privileges by exploiting this path vulnerability: they replace the wrapper.exe in the service path wit...

CVE-2020-37020 SonarQube 8.3.1 - Unquoted Service Path

SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges...

EUVD-2020-30923

SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges...

CVE-2020-37020 SonarQube 8.3.1 - Unquoted Service Path

SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges...

PT-2026-5293

SonarQube 8.3.1 contains an unquoted service path vulnerability that allows local attackers to gain SYSTEM privileges by exploiting the service executable path. Attackers can replace the wrapper.exe in the service path with a malicious executable to execute code with highest system privileges...

SonarQube code issues and vulnerabilities

SonarQube is an open-source code inspection tool developed by Sonar. Version SonarQube 8.3.1 has a code-related vulnerability. This vulnerability stems from the lack of quotation marks around service paths, which may allow local attackers to gain SYSTEM privileges...

GHSA-QF7C-7R9H-MM92 vulnerabilities

Vulnerabilities for packages: sonarqube, ruby4.0-elasticsearch...

CVE-2025-68384 vulnerabilities

Vulnerabilities for packages: sonarqube, ruby4.0-elasticsearch...

GHSA-67MF-3CR5-8W23 vulnerabilities

Vulnerabilities for packages: sonarqube, cassandra, opensearch...