Blind SQL Injection Vulnerability in SonarQube 10.4-10.5 Before 10.6
CVE-2024-47911
Currently unrated
What is CVE-2024-47911?
A vulnerability exists in SonarSource's SonarQube versions 10.4 and 10.5, prior to 10.6, affecting the authorizations/group-memberships API endpoint. The issue allows users with administrative privileges to perform blind SQL injection, potentially compromising database integrity and security. Exploitation can lead to unauthorized access to sensitive data, so users should upgrade to a patched version.