Products
SonarQube
- before 9.9.5
- before 10.5
Source
cve@mitre.org
Tags
CVE-2024-47910 details
Published : Oct. 4, 2024, 9:15 p.m.
Last Modified : Oct. 4, 2024, 9:15 p.m.
Last Modified : Oct. 4, 2024, 9:15 p.m.
Description
An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT.
CVSS Score
| 1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
|---|
Weakness
| Weakness | Name | Description |
|---|
References
| URL | Source |
|---|---|
| https://community.sonarsource.com/t/sonarqube-github-integration-information-leakage/126609 | cve@mitre.org |
| https://sonarsource.atlassian.net/browse/SONAR-21795 | cve@mitre.org |
| https://sonarsource.atlassian.net/browse/SONAR-21813 | cve@mitre.org |
This website uses the NVD API, but is not approved or certified by it.