Sonarqube@* Security Vulnerabilities and Issues — Sonarqube@* CVE List

Lucene search

SonarsourceSonarqube*

5 matches found

CVE•added 2024/10/04 9:15 p.m.•71 views

CVE-2024-47910

An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT.

7.2CVSS6.5AI score0.00161EPSS

CVE•added 2024/10/04 9:15 p.m.•69 views

CVE-2024-47911

In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands.

6.7CVSS6.7AI score0.00128EPSS

CVE•added 2019/10/14 3:15 p.m.•59 views

CVE-2019-17579

SonarSource SonarQube before 7.8 has XSS in project links on account/projects.

6.1CVSS5.9AI score0.00328EPSS

CVE•added 2018/12/14 3:29 p.m.•55 views

CVE-2018-19413

A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the ext...

4.3CVSS4.3AI score0.00196EPSS

CVE•added 2024/06/16 3:15 p.m.•46 views

CVE-2024-38460

In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc).

6.5CVSS7AI score0.00037EPSS