CVE-2020-27986

SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it."

Configurations

Configuration 1

cpe:2.3:a:sonarsource:sonarqube:8.4.2.36762:*:*:*:*:*:*:*

History

21 Nov 2024, 05:22

Type: References
Values Removed: () https://csl.com.co/sonarqube-auditando-al-auditor-parte-i/ - Vendor Advisory
Values Added: () https://csl.com.co/sonarqube-auditando-al-auditor-parte-i/ - Vendor Advisory

07 Nov 2023, 03:21

Type: Summary
Values Removed: ** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it."
Values Added: SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it.

Information

Published : 2020-10-28 23:15

Updated : 2024-11-21 05:22


NVD link : CVE-2020-27986

Mitre link : CVE-2020-27986

CVE.ORG link : CVE-2020-27986


Products Affected

sonarsource

  • sonarqube

CWE
CWE-306

Missing Authentication for Critical Function

CWE-312

Cleartext Storage of Sensitive Information