Every CVE whose affected-product data names Sonarsource Sonarqube, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (6)
CVE-2020-27986 — CVSS 7.5 (high): SonarQube 8.4.2.36762 allows remote attackers to discover cleartext SMTP, SVN, and GitLab credentials via the api/settings/values URI…
CVE-2024-47911 — CVSS 6.7 (medium): In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint…
CVE-2020-28002 — CVSS 5.3 (medium): In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D…
CVE-2024-38460 — CVSS 4.9 (medium): In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in…
CVE-2018-19413 — CVSS 4.3 (medium): A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as…