mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-28 01:02:25 +00:00
52 lines
1.8 KiB
JSON
52 lines
1.8 KiB
JSON
{
|
|
"id": "CVE-2024-38460",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2024-06-16T15:15:51.910",
|
|
"lastModified": "2024-06-17T12:42:04.623",
|
|
"vulnStatus": "Awaiting Analysis",
|
|
"cveTags": [],
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs, etc)."
|
|
},
|
|
{
|
|
"lang": "es",
|
|
"value": "En SonarQube anterior a 10.4 y 9.9.4 LTA, los valores cifrados generados mediante la funci\u00f3n de cifrado de configuraci\u00f3n est\u00e1n potencialmente expuestos en texto plano como parte de los par\u00e1metros de URL en los registros (como registros de acceso de SonarQube, registros de proxy, etc.)."
|
|
}
|
|
],
|
|
"metrics": {
|
|
"cvssMetricV31": [
|
|
{
|
|
"source": "cve@mitre.org",
|
|
"type": "Secondary",
|
|
"cvssData": {
|
|
"version": "3.1",
|
|
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N",
|
|
"attackVector": "NETWORK",
|
|
"attackComplexity": "LOW",
|
|
"privilegesRequired": "HIGH",
|
|
"userInteraction": "NONE",
|
|
"scope": "UNCHANGED",
|
|
"confidentialityImpact": "HIGH",
|
|
"integrityImpact": "NONE",
|
|
"availabilityImpact": "NONE",
|
|
"baseScore": 4.9,
|
|
"baseSeverity": "MEDIUM"
|
|
},
|
|
"exploitabilityScore": 1.2,
|
|
"impactScore": 3.6
|
|
}
|
|
]
|
|
},
|
|
"references": [
|
|
{
|
|
"url": "https://community.sonarsource.com/t/sonarqube-ce-10-3-0-leaking-encrypted-values-in-web-server-logs/108187",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://sonarsource.atlassian.net/browse/SONAR-21559",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |