RSS   Podatności dla 'Sonarqube'   RSS

2020-12-16
 
CVE-2020-35193

CWE-306
 

 
The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. System using the sonarqube docker container deployed by affected versions of the docker image may allow a remote attacker to achieve root access with a blank password.

 
2018-12-14
 
CVE-2018-19413

CWE-200
 

 
A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the externalIdentity field to non-administrator users. The attacker could use this information in subsequent attacks against the system.

 

 >>> Vendor: Sonarsource 4 Produkty
Jenkins plugin
Sonarqube
Sonarqube scanner
Sonarqube docker image


Copyright 2021, cxsecurity.com

 

Back to Top