CVERadar

CVE-2024-47910

Medium Severity

SVRS: 30/100
CVSSv3: NA/10
EPSS: 0.00093/1

CVE-2024-47910: SonarQube Administrator JWT Exfiltration. A vulnerability exists in SonarSource SonarQube before 9.9.5 LTA and in 10.x before 10.5 that allows an administrator to modify GitHub integration configurations and exfiltrate a pre-signed JWT. The SVRS score of 30 suggests a moderate risk; although it is below critical, the issue should still be addressed. Although the CVSS score is 0, the 'In The Wild' tag on this CVE indicates active exploitation attempts, which elevates the risk. An attacker could use the exfiltrated JWT to gain unauthorized access to resources and sensitive information managed by SonarQube. Applying the patch is crucial to prevent potential data breaches and maintain the security of your SonarQube instance. Failing to address this could lead to significant security compromises.

In The Wild
2024-10-04

2024-10-07

Indicators of Compromise

No IOCs found for this CVE

Exploits

No exploits found for this CVE


News

CVE-2024-47910 | SonarSource SonarQube up to 9.9.4 LTA/10.4 GitHub Integration access control (Nessus ID 214331)
vuldb.com, 2025-01-17
A vulnerability was found in SonarSource SonarQube up to 9.9.4 LTA/10.4. It has been classified as critical. This affects an unknown part of the component GitHub Integration. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-47910. The attack can only be
CVE-2024-47910 | SonarSource SonarQube up to 9.9.4 LTA/10.4 GitHub Integration access control
vuldb.com, 2024-10-05
A vulnerability was found in SonarSource SonarQube up to 9.9.4 LTA/10.4. It has been classified as critical. This affects an unknown part of the component GitHub Integration. The manipulation leads to improper access controls. This vulnerability is uniquely identified as CVE-2024-47910. The attack can only be initiated within the

Social Media

CVE-2024-47910 An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configurat… https://t.co/MnAAuniVOF

Affected Software

No affected software found for this CVE

References

https://community.sonarsource.com/t/sonarqube-github-integration-information-leakage/126609
https://sonarsource.atlassian.net/browse/SONAR-21795
https://sonarsource.atlassian.net/browse/SONAR-21813

CWE Details

CWE ID | CWE Name | Description
CWE-284 | Improper Access Control | The software does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
