Vulnerabilities > Sonarsource > Sonarqube
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-06-16 | CVE-2024-38460 | Information Exposure Through Log Files vulnerability in Sonarsource Sonarqube In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc). | 6.5 |
| 2020-11-02 | CVE-2020-28002 | Improper Authentication vulnerability in Sonarsource Sonarqube 8.4.2.36762 In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. | 5.3 |
| 2020-10-28 | CVE-2020-27986 | Cleartext Storage of Sensitive Information vulnerability in Sonarsource Sonarqube 8.4.2.36762 SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. | 7.5 |
| 2019-10-14 | CVE-2019-17579 | Cross-site Scripting vulnerability in Sonarsource Sonarqube SonarSource SonarQube before 7.8 has XSS in project links on account/projects. | 6.1 |
| 2018-12-14 | CVE-2018-19413 | Information Exposure vulnerability in Sonarsource Sonarqube A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. | 4.3 |