CVE-2024-38460

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-38460
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-38460.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-38460
Aliases
Published
2024-06-16T15:15:51Z
Modified
2024-10-12T11:26:20.883992Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc).

References

Affected packages

Git / github.com/sonarsource/sonarqube

Affected ranges

Type
GIT
Repo
https://github.com/sonarsource/sonarqube
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*

2.12
2.6
2.7
2.8
2.9

3.*

3.1
3.1.1
3.2
3.4

4.*

4.4
4.4-RC1
4.4-RC2
4.4-RC3
4.5
4.5-RC1
4.5-RC2
4.5-RC3
4.5.1
4.5.1-RC1

5.*

5.0-RC1
5.0-RC2
5.0-RC3
5.0-RC4
5.0.1
5.1
5.1-RC1
5.1-RC2
5.1.1
5.1.2
5.2
5.2-RC1
5.2-RC2
5.2-RC3
5.3
5.3-RC2
5.3-RC3
5.4
5.4-M1
5.4-M10
5.4-M11
5.4-M12
5.4-M13
5.4-M14
5.4-M2
5.4-M3
5.4-M4
5.4-M5
5.4-M6
5.4-M7
5.4-M8
5.4-M9
5.4-RC1
5.4-RC2
5.4-RC3
5.4-RC4
5.5
5.5-M1
5.5-M10
5.5-M11
5.5-M12
5.5-M13
5.5-M14
5.5-M2
5.5-M3
5.5-M4
5.5-M5
5.5-M6
5.5-M7
5.5-RC1
5.5-RC2
5.6
5.6-RC1
5.6-RC2
5.6.1
5.6.2
5.6.3

6.*

6.0
6.0-RC1
6.0-RC2
6.1
6.1-RC1
6.1-RC2
6.1.1
6.2
6.2-RC1
6.2-RC2
6.2-RC3
6.2.1
6.3
6.3-RC1
6.3-RC4
6.3.0.18401
6.3.0.18587
6.3.0.18800
6.3.1
6.3.2
6.4
6.4-RC1
6.4-RC2
6.4-RC3
6.5
6.5-M2
6.5-M3
6.5-M4
6.5-RC1
6.5-RC2
6.6
6.6-RC1
6.7
6.7-RC1
6.7.1

7.*

7.0
7.0-RC1
7.5
7.6
7.7
7.8

8.*

8.0
8.2.0.32929
8.3.0.34182
8.4.0.35506
8.5.0.37579
8.7.0.41497
8.8.0.42792
8.9.0.43852

9.*

9.0.0.45539
9.1.0.47736
9.3.0.51899
9.5.0.56709
9.6.0.59041
9.7.0.61563
9.8.0.63668
9.9.0.65466
9.9.1.69595
9.9.2.77730
9.9.3.79811

Other

latest-silver-master-#65