CVE-2024-47911 | SonarSource SonarQube 10.4.x/10.5.x API Endpoint group-memberships sql injection

Inserito da Angelo Barbosa | Ott 5, 2024 | CVE

A vulnerability was found in SonarSource SonarQube 10.4.x/10.5.x. It has been declared as critical. This vulnerability affects unknown code of the file authorizations/group-memberships of the component API Endpoint. The manipulation leads to sql injection.

This vulnerability was named CVE-2024-47911. The attack can be initiated remotely. There is no exploit available.

It is recommended to upgrade the affected component.

CVE-2024-47911 | SonarSource SonarQube 10.4.x/10.5.x API Endpoint group-memberships sql injection

Post correlati

CVE-2024-23170 | mbed TLS up to 2.28.6/3.5.1 timing discrepancy

CVE-2024-37090 | StylemixThemes Masterstudy Elementor Widgets on WordPress sql injection

CVE-2024-29031 | Meshery up to 0.7.16 GetMeshSyncResources order sql injection (GHSL-2023-249)

CVE-2024-4009 | ABB 2.4 Display 55/2.4 Display 63/RoomTouch 4/BCU KNX KNX Bus-System authentication replay