Vulnerabilities > Sonarsource > Sonarqube > 7.7

DATE CVE VULNERABILITY TITLE RISK
2024-06-16 CVE-2024-38460 Information Exposure Through Log Files vulnerability in Sonarsource Sonarqube
In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc).
network
low complexity
sonarsource CWE-532
6.5
6.5
2019-10-14 CVE-2019-17579 Cross-site Scripting vulnerability in Sonarsource Sonarqube
SonarSource SonarQube before 7.8 has XSS in project links on account/projects.
network
low complexity
sonarsource CWE-79
6.1
6.1