Vulnerabilities > Sonarsource > Sonarqube
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2020-11-02 | CVE-2020-28002 | Improper Authentication vulnerability in Sonarsource Sonarqube 8.4.2.36762 In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. | 5.0 |
| 2020-10-28 | CVE-2020-27986 | Cleartext Storage of Sensitive Information vulnerability in Sonarsource Sonarqube 8.4.2.36762 SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. | 7.5 |
| 2019-10-14 | CVE-2019-17579 | Cross-site Scripting vulnerability in Sonarsource Sonarqube SonarSource SonarQube before 7.8 has XSS in project links on account/projects. | 4.3 |
| 2018-12-14 | CVE-2018-19413 | Information Exposure vulnerability in Sonarsource Sonarqube A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. | 4.0 |
| 2013-12-13 | CVE-2013-5676 | Cryptographic Issues vulnerability in Sonarsource Jenkins Plugin The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext passwords) by reading the value in the sonar.sonarPassword parameter from jenkins/configure. | 4.0 |