Sonarqube
by Sonarsource
CVEs (4)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-47910 | | High | 0.47 | 7.2 | 0.00 | | Oct 4, 2024 | An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT. |
| CVE-2025-62292 | | Med | 0.28 | 4.3 | 0.00 | | Oct 10, 2025 | In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts. |
| CVE-2024-47911 | | | 0.00 | — | 0.00 | | Oct 4, 2024 | In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands. |
| CVE-2019-17579 | | | 0.00 | — | 0.01 | | Oct 14, 2019 | SonarSource SonarQube before 7.8 has XSS in project links on account/projects. |