VYPR
High severity7.2NVD Advisory· Published Oct 4, 2024· Updated Apr 15, 2026

CVE-2024-47910

CVE-2024-47910

Description

An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Sonarsource/Sonarqubeinferred2 versions
    <9.9.5 || >=10.0,<10.5+ 1 more
    • (no CPE)range: <9.9.5 || >=10.0,<10.5
    • (no CPE)range: <9.9.5 LTA, >=10.0 <10.5

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.