In SonarQube before 10.4 and 9.9.4... CVE-2024-38460

- AV AC AU C I A
发布: 2024-06-16
修订: 2025-03-13

In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc).

0%

漏洞利用/PoC

暂无可用Exp或PoC

受影响的平台与产品

当前有2条受影响产品信息