Описание
An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT.
EPSS
Процентиль: 19%
0.00061
Низкий
7.2 High
CVSS3
Дефекты
CWE-284
Связанные уязвимости
CVSS3: 7.2
github
больше 1 года назад
An issue was discovered in SonarSource SonarQube before 9.9.5 LTA and 10.x before 10.5. A SonarQube user with the Administrator role can modify an existing configuration of a GitHub integration to exfiltrate a pre-signed JWT.
EPSS
Процентиль: 19%
0.00061
Низкий
7.2 High
CVSS3
Дефекты
CWE-284