Vulnerabilities > Sonarsource > Sonarqube > 8.4.2.36762

DATE CVE VULNERABILITY TITLE RISK
2024-06-16 CVE-2024-38460 Information Exposure Through Log Files vulnerability in Sonarsource Sonarqube
In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc).
network
low complexity
sonarsource CWE-532
6.5
6.5
2020-11-02 CVE-2020-28002 Improper Authentication vulnerability in Sonarsource Sonarqube 8.4.2.36762
In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner.
network
low complexity
sonarsource CWE-287
5.3
5.3
2020-10-28 CVE-2020-27986 Cleartext Storage of Sensitive Information vulnerability in Sonarsource Sonarqube 8.4.2.36762
SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI.
network
low complexity
sonarsource CWE-312
7.5
7.5