Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Vulnerability Type
Incorrect Resource Transfer Between Spheres
Vulnerability Title
SonarQube Security Vulnerability
Vulnerability Description
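SonarQube is an open-source code inspection tool from Sonar. SonarQube versions before 25.6, 2025.3 Commercial, and 2025.1.3 LTA contain a security vulnerability. It stems from low-privileged users being able to query the /api/v2/users-management/users endpoint, which may expose administrator-only fields and the email addresses of other accounts.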
CVSS Information
N/A
Vulnerability Type
N/A