[MAVEN:GHSA-M643-2PFV-XWM8] Exposure of Sensitive Information to an Unauthorized Actor in SonarSource SonarQube API
Severity: Moderate
Affected Packages: 1
Fixed Packages: 1
CVEs: 1
A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the externalIdentity field to non-administrator users. The attacker could use this information in subsequent attacks against the system.
Package | Affected Version |
---|---|
pkg:maven/org.sonarsource.sonarqube/sonar-plugin-api | < 7.4 |
Package | Fixed Version |
---|---|
pkg:maven/org.sonarsource.sonarqube/sonar-plugin-api | = 7.4 |
- ID: MAVEN:GHSA-M643-2PFV-XWM8
- Severity: moderate
- URL: https://github.com/advisories/GHSA-m643-2pfv-xwm8
- Published: 2022-05-14T01:43:42
- Modified: 2023-01-27T05:02:21
- Rights: Maven Security Team
Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
---|---|---|---|---|---|---|---|
Affected | pkg:maven/org.sonarsource.sonarqube/sonar-plugin-api | org.sonarsource.sonarqube | sonar-plugin-api | < 7.4 | | | |
Fixed | pkg:maven/org.sonarsource.sonarqube/sonar-plugin-api | org.sonarsource.sonarqube | sonar-plugin-api | = 7.4 | | | |