CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2024-47911

In SonarSource SonarQube 10.4 through 10.5 before 10.6, a vulnerability was discovered in the authorizations/group-memberships API endpoint that allows SonarQube users with the administrator role to inject blind SQL commands.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.7%

CVSS Severity

CVSS v3 Score 6.7

References

https://sonarsource.atlassian.net/browse/SONAR-22340

Products affected by CVE-2024-47911

Sonarsource » Sonarqube » Version: 10.4.0.87286

cpe:2.3:a:sonarsource:sonarqube:10.4.0.87286
Sonarsource » Sonarqube » Version: 10.4.1.88267

cpe:2.3:a:sonarsource:sonarqube:10.4.1.88267
Sonarsource » Sonarqube » Version: 10.5.0.89998

cpe:2.3:a:sonarsource:sonarqube:10.5.0.89998
Sonarsource » Sonarqube » Version: 10.5.1.90531

cpe:2.3:a:sonarsource:sonarqube:10.5.1.90531

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-47911

Products

Pricing

Contact Us