CVE-2020-27986

SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it."
Configurations

Configuration 1

cpe:2.3:a:sonarsource:sonarqube:8.4.2.36762:*:*:*:*:*:*:*

History

07 Nov 2023, 03:21

Type: CWE
Values Removed: CWE-522
Values Added: CWE-306, CWE-312

Type: Summary
Values Removed: ** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it."
Values Added: SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI. NOTE: reportedly, the vendor's position for SMTP and SVN is "it is the administrator's responsibility to configure it."

Information

Published : 2020-10-28 23:15

Updated : 2024-04-11 01:08


NVD link : CVE-2020-27986

Mitre link : CVE-2020-27986

CVE.ORG link : CVE-2020-27986



Products Affected

sonarsource

  • sonarqube

CWE

CWE-306

Missing Authentication for Critical Function

CWE-312

Cleartext Storage of Sensitive Information