Known Vulnerabilities for products from Sonarsource
Listed below are 7 of the newest known vulnerabilities associated with the vendor "Sonarsource".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2020-35193 json | The official sonarqube docker images before alpine (Alpine specific) contain a blank password for a root user. System using t... | 9.8 - CRITICAL | 2020-12-16 | 2020-12-21 |
| CVE-2020-28002 json | In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value fo... | 5.3 - MEDIUM | 2020-11-02 | 2020-11-17 |
| CVE-2020-27986 json | ** DISPUTED ** SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the ... | 7.5 - HIGH | 2020-10-28 | 2023-11-07 |
| CVE-2019-17579 json | SonarSource SonarQube before 7.8 has XSS in project links on account/projects. | 6.1 - MEDIUM | 2019-10-14 | 2019-10-17 |
| CVE-2018-1000425 json | An insufficiently protected credentials vulnerability exists in Jenkins SonarQube Scanner Plugin 2.8 and earlier in SonarInst... | 7.8 - HIGH | 2019-01-09 | 2020-08-24 |
| CVE-2018-19413 json | A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive inform... | 4.3 - MEDIUM | 2018-12-14 | 2019-01-03 |
| CVE-2013-5676 json | The Jenkins Plugin for SonarQube 3.7 and earlier allows remote authenticated users to obtain sensitive information (cleartext... | Not Provided | 2013-12-13 | 2026-04-29 |
Known software with vulnerabilities from Sonarsource
| Type | Vendor | Product | Version |
|---|---|---|---|
| Application | Sonarsource | Jenkins Plugin | - |
| Application | Sonarsource | Sonarqube | 1.0.1 |
| Application | Sonarsource | Sonarqube Docker Image | 4.5.7 |
| Application | Sonarsource | Sonarqube Scanner | - |