Sonarsource Sonarqube : Security vulnerabilities, CVEs Bypass

CVE-2020-28002

In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting public and private projects via the /api/ce/submit endpoint.

Max CVSS

5.3

EPSS Score

0.10%

Published

2020-11-02

Updated

2020-11-17

1 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!

Accept Close

Sonarsource » Sonarqube : Security Vulnerabilities, CVEs, (Bypass)

CVE-2020-28002