High severity7.2NVD Advisory· Published Oct 4, 2024· Updated Apr 15, 2026

CVE-2024-47910

Description

An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

community.sonarsource.com/t/sonarqube-github-integration-information-leakage/126609nvd
sonarsource.atlassian.net/browse/SONAR-21795nvd
sonarsource.atlassian.net/browse/SONAR-21813nvd

News mentions

No linked articles in our index yet.

cvss	0.468
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000