Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the externalIdentity field to non-administrator users. The attacker could use this information in subsequent attacks against the system.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
SonarSource SonarQube 信息泄露漏洞
Vulnerability Description
SonarSource SonarQube是瑞士SonarSource公司的一套开源的代码质量管理平台。该平台可从七个维度检测代码质量,以及通过插件的形式,支持包括java、C#、C/C++等多种编程语言的代码质量管理与检测。 SonarSource SonarQube 7.3及之前版本中的API存在信息泄露漏洞,该漏洞源于程序没有正确的配置访问控制。攻击者可利用该漏洞获取敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A