Security Advisory

CVE-2020-28002

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2020-10-30 02:06:43

Last updated 2024-08-04 16:25:43

Assigner mitre

State PUBLISHED

Description

In SonarQube 8.4.2.36762, an external attacker can achieve authentication bypass through SonarScanner. With an empty value for the -D sonar.login option, anonymous authentication is forced. This allows creating and overwriting public and private projects via the /api/ce/submit endpoint.

← Browse all CVEs View on cve.org ↗