SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it.
References
Link | Resource |
---|---|
https://csl.com.co/sonarqube-auditando-al-auditor-parte-i/ | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2020-10-28T22:57:20
Updated: 2024-06-04T17:12:22.373Z
Reserved: 2020-10-28T00:00:00
Link: CVE-2020-27986
JSON object: View
NVD Information
Status : Modified
Published: 2020-10-28T23:15:12.410
Modified: 2024-06-04T19:17:01.417
Link: CVE-2020-27986
JSON object: View
Redhat Information
No data.