Vulnerability Description
A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnerability occurs because of improperly configured access controls that cause the API to return the externalIdentity field to non-administrator users. The attacker could use this information in subsequent attacks against the system.
CVSS Score
4.3 (MEDIUM)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| SonarSource | SonarQube | < 7.4 |
Related Weaknesses (CWE)
References
- http://packetstormsecurity.com/files/150496/SonarSource-SonarQube-7.3-Informatio (Third Party Advisory, VDB Entry)
- https://jira.sonarsource.com/browse/SONAR-11305 (Issue Tracking, Vendor Advisory)
FAQ
What is CVE-2018-19413?
CVE-2018-19413 is a vulnerability with a CVSS score of 4.3 (MEDIUM). A vulnerability in the API of SonarSource SonarQube before 7.4 could allow an authenticated user to discover sensitive information such as valid user-account logins in the web application. The vulnera...
How severe is CVE-2018-19413?
CVE-2018-19413 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-19413?
Check the references section above for vendor advisories and patch information. Affected products include: SonarSource SonarQube.