CVE-2024-47911

CVSS 6.7 MEDIUMEPSS 0.4%CWE-89

In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands.

CVSS:3.1/AC:L/AV:N/A:L/C:H/I:H/PR:H/S:U/UI:N

Produtos afetados

n/a · n/a

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://sonarsource.atlassian.net/browse/SONAR-22340