VYPR

Sonarqube

by Sonarsource

CVEs (4)

  • CVE-2024-47910 | High | Oct 4, 2024
    risk 0.47 | cvss 7.2 | epss 0.00

    An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT.

  • CVE-2025-62292 | Medium | Oct 10, 2025
    risk 0.28 | cvss 4.3 | epss 0.00

    In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts.

  • CVE-2024-47911 | Oct 4, 2024
    risk 0.00 | cvss | epss 0.00

    In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands.

  • CVE-2019-17579 | Oct 14, 2019
    risk 0.00 | cvss | epss 0.01

    SonarSource SonarQube before 7.8 has XSS in project links on account/projects.