SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://csl.com.co/sonarqube-auditando-al-auditor-parte-i/ |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2020-10-28T22:57:20
Updated: 2024-08-04T16:25:43.905Z
Reserved: 2020-10-28T00:00:00
Link: CVE-2020-27986
Vulnrichment
Updated: 2024-08-04T16:25:43.905Z
NVD
Status : Modified
Published: 2020-10-28T23:15:12.410
Modified: 2024-08-04T17:15:32.413
Link: CVE-2020-27986
Redhat
No data.