Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc).
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
N/A
Vulnerability Title
SonarSource SonarQube 安全漏洞
Vulnerability Description
SonarSource SonarQube是瑞士SonarSource公司的一套开源的代码质量管理系统。 SonarSource SonarQube 10.4和9.9.4之前版本存在安全漏洞,该漏洞源于使用设置加密功能生成的加密值可能会以明文形式作为日志中URL参数的一部分公开。
CVSS Information
N/A
Vulnerability Type
N/A