CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2020-28002

In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting public and private projects via the /api/ce/submit endpoint.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 43.4%

CVSS Severity

CVSS v3 Score 5.3

CVSS v2 Score 5.0

References

https://csl.com.co/sonarqube-auditando-al-auditor-parte-ii/
https://csl.com.co/sonarqube-auditando-al-auditor-parte-ii/

Products affected by CVE-2020-28002

Sonarsource » Sonarqube » Version: 8.4.2.36762

cpe:2.3:a:sonarsource:sonarqube:8.4.2.36762

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-28002

Products

Pricing

Contact Us