Vulnerability Details CVE-2018-19413
A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the externalIdentity field to non-administrator users. The attacker could use this information in subsequent attacks against the system.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.0%
CVSS Severity
CVSS v3 Score 4.3
CVSS v2 Score 4.0
References
Products affected by CVE-2018-19413
-
cpe:2.3:a:sonarsource:sonarqube:1.0.1
-
cpe:2.3:a:sonarsource:sonarqube:1.0.2
-
cpe:2.3:a:sonarsource:sonarqube:1.1
-
cpe:2.3:a:sonarsource:sonarqube:1.10
-
cpe:2.3:a:sonarsource:sonarqube:1.10.1
-
cpe:2.3:a:sonarsource:sonarqube:1.11
-
cpe:2.3:a:sonarsource:sonarqube:1.11.1
-
cpe:2.3:a:sonarsource:sonarqube:1.12
-
cpe:2.3:a:sonarsource:sonarqube:1.2
-
cpe:2.3:a:sonarsource:sonarqube:1.2.1
-
cpe:2.3:a:sonarsource:sonarqube:1.3
-
cpe:2.3:a:sonarsource:sonarqube:1.4
-
cpe:2.3:a:sonarsource:sonarqube:1.4.1
-
cpe:2.3:a:sonarsource:sonarqube:1.4.2
-
cpe:2.3:a:sonarsource:sonarqube:1.4.3
-
cpe:2.3:a:sonarsource:sonarqube:1.5
-
cpe:2.3:a:sonarsource:sonarqube:1.5.1
-
cpe:2.3:a:sonarsource:sonarqube:1.6
-
cpe:2.3:a:sonarsource:sonarqube:1.7
-
cpe:2.3:a:sonarsource:sonarqube:1.8
-
cpe:2.3:a:sonarsource:sonarqube:1.9
-
cpe:2.3:a:sonarsource:sonarqube:1.9.1
-
cpe:2.3:a:sonarsource:sonarqube:1.9.2
-
cpe:2.3:a:sonarsource:sonarqube:2.0
-
cpe:2.3:a:sonarsource:sonarqube:2.0.1
-
cpe:2.3:a:sonarsource:sonarqube:2.1
-
cpe:2.3:a:sonarsource:sonarqube:2.1.1
-
cpe:2.3:a:sonarsource:sonarqube:2.1.2
-
cpe:2.3:a:sonarsource:sonarqube:2.10
-
cpe:2.3:a:sonarsource:sonarqube:2.10.1
-
cpe:2.3:a:sonarsource:sonarqube:2.11
-
cpe:2.3:a:sonarsource:sonarqube:2.12
-
cpe:2.3:a:sonarsource:sonarqube:2.13
-
cpe:2.3:a:sonarsource:sonarqube:2.13.1
-
cpe:2.3:a:sonarsource:sonarqube:2.14
-
cpe:2.3:a:sonarsource:sonarqube:2.2
-
cpe:2.3:a:sonarsource:sonarqube:2.3
-
cpe:2.3:a:sonarsource:sonarqube:2.3.1
-
cpe:2.3:a:sonarsource:sonarqube:2.4
-
cpe:2.3:a:sonarsource:sonarqube:2.4.1
-
cpe:2.3:a:sonarsource:sonarqube:2.5
-
cpe:2.3:a:sonarsource:sonarqube:2.6
-
cpe:2.3:a:sonarsource:sonarqube:2.7
-
cpe:2.3:a:sonarsource:sonarqube:2.8
-
cpe:2.3:a:sonarsource:sonarqube:2.9
-
cpe:2.3:a:sonarsource:sonarqube:3.0
-
cpe:2.3:a:sonarsource:sonarqube:3.0.1
-
cpe:2.3:a:sonarsource:sonarqube:3.1
-
cpe:2.3:a:sonarsource:sonarqube:3.1.1
-
cpe:2.3:a:sonarsource:sonarqube:3.2
-
cpe:2.3:a:sonarsource:sonarqube:3.2.1
-
cpe:2.3:a:sonarsource:sonarqube:3.3
-
cpe:2.3:a:sonarsource:sonarqube:3.3.1
-
cpe:2.3:a:sonarsource:sonarqube:3.3.2
-
cpe:2.3:a:sonarsource:sonarqube:3.4
-
cpe:2.3:a:sonarsource:sonarqube:3.4.1
-
cpe:2.3:a:sonarsource:sonarqube:3.5
-
cpe:2.3:a:sonarsource:sonarqube:3.5.1
-
cpe:2.3:a:sonarsource:sonarqube:3.6
-
cpe:2.3:a:sonarsource:sonarqube:3.6.1
-
cpe:2.3:a:sonarsource:sonarqube:3.6.2
-
cpe:2.3:a:sonarsource:sonarqube:3.6.3
-
cpe:2.3:a:sonarsource:sonarqube:3.7
-
cpe:2.3:a:sonarsource:sonarqube:3.7.1
-
cpe:2.3:a:sonarsource:sonarqube:3.7.2
-
cpe:2.3:a:sonarsource:sonarqube:3.7.3
-
cpe:2.3:a:sonarsource:sonarqube:3.7.4
-
cpe:2.3:a:sonarsource:sonarqube:4.0
-
cpe:2.3:a:sonarsource:sonarqube:4.1
-
cpe:2.3:a:sonarsource:sonarqube:4.1.1
-
cpe:2.3:a:sonarsource:sonarqube:4.1.2
-
cpe:2.3:a:sonarsource:sonarqube:4.2
-
cpe:2.3:a:sonarsource:sonarqube:4.3
-
cpe:2.3:a:sonarsource:sonarqube:4.3.1
-
cpe:2.3:a:sonarsource:sonarqube:4.3.2
-
cpe:2.3:a:sonarsource:sonarqube:4.3.3
-
cpe:2.3:a:sonarsource:sonarqube:4.4
-
cpe:2.3:a:sonarsource:sonarqube:4.4.1
-
cpe:2.3:a:sonarsource:sonarqube:4.5
-
cpe:2.3:a:sonarsource:sonarqube:4.5.1
-
cpe:2.3:a:sonarsource:sonarqube:4.5.2
-
cpe:2.3:a:sonarsource:sonarqube:4.5.4
-
cpe:2.3:a:sonarsource:sonarqube:4.5.5
-
cpe:2.3:a:sonarsource:sonarqube:4.5.6
-
cpe:2.3:a:sonarsource:sonarqube:4.5.7
-
cpe:2.3:a:sonarsource:sonarqube:5.0
-
cpe:2.3:a:sonarsource:sonarqube:5.0.1
-
cpe:2.3:a:sonarsource:sonarqube:5.1
-
cpe:2.3:a:sonarsource:sonarqube:5.1.1
-
cpe:2.3:a:sonarsource:sonarqube:5.1.2
-
cpe:2.3:a:sonarsource:sonarqube:5.2
-
cpe:2.3:a:sonarsource:sonarqube:5.3
-
cpe:2.3:a:sonarsource:sonarqube:5.4
-
cpe:2.3:a:sonarsource:sonarqube:5.5
-
cpe:2.3:a:sonarsource:sonarqube:5.6
-
cpe:2.3:a:sonarsource:sonarqube:5.6.1
-
cpe:2.3:a:sonarsource:sonarqube:5.6.2
-
cpe:2.3:a:sonarsource:sonarqube:5.6.3
-
cpe:2.3:a:sonarsource:sonarqube:5.6.4
-
cpe:2.3:a:sonarsource:sonarqube:5.6.5
-
cpe:2.3:a:sonarsource:sonarqube:5.6.6
-
cpe:2.3:a:sonarsource:sonarqube:5.6.7
-
cpe:2.3:a:sonarsource:sonarqube:6.0
-
cpe:2.3:a:sonarsource:sonarqube:6.1
-
cpe:2.3:a:sonarsource:sonarqube:6.1.1
-
cpe:2.3:a:sonarsource:sonarqube:6.2
-
cpe:2.3:a:sonarsource:sonarqube:6.2.1
-
cpe:2.3:a:sonarsource:sonarqube:6.3
-
cpe:2.3:a:sonarsource:sonarqube:6.3.1
-
cpe:2.3:a:sonarsource:sonarqube:6.3.2
-
cpe:2.3:a:sonarsource:sonarqube:6.4
-
cpe:2.3:a:sonarsource:sonarqube:6.5
-
cpe:2.3:a:sonarsource:sonarqube:6.6
-
cpe:2.3:a:sonarsource:sonarqube:6.7
-
cpe:2.3:a:sonarsource:sonarqube:6.7.1
-
cpe:2.3:a:sonarsource:sonarqube:6.7.2
-
cpe:2.3:a:sonarsource:sonarqube:6.7.3
-
cpe:2.3:a:sonarsource:sonarqube:6.7.4
-
cpe:2.3:a:sonarsource:sonarqube:6.7.5
-
cpe:2.3:a:sonarsource:sonarqube:6.7.6
-
cpe:2.3:a:sonarsource:sonarqube:7.0
-
cpe:2.3:a:sonarsource:sonarqube:7.1
-
cpe:2.3:a:sonarsource:sonarqube:7.2
-
cpe:2.3:a:sonarsource:sonarqube:7.2.1
-
cpe:2.3:a:sonarsource:sonarqube:7.3